Domain level policy settings precedence

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi again,
I wanted to set the following policy on the domain level:

Network security: Do not store LAN Manager hash value on next password
change
Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2
authentication only and use NTLMv2 session security if the server supports
it; domain controllers refuse LM and NTLM (accept only NTLMv2
authentication).

I know that the account policies of the domain take precedence over
everything but is that also true for other settings within the domain wide
policy. I want to be able to override the second setting in a sub OU. Will
I be able to do that??

-SA.
1 answer Last reply
More about domain level policy settings precedence
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    GPO precedence is a matter of Group Policy processing, and should affect all
    extensions and settings equally. Technically the implementation of a
    particular extension could break this, but that's probably not an issue.

    Regards,

    Eric Voskuil
    Policy Maker
    http://www.autoprof.com/policy


    "SA" <nospam@nospam.nospam> wrote in message
    news:eCno8txJEHA.628@TK2MSFTNGP11.phx.gbl...
    > Hi again,
    > I wanted to set the following policy on the domain level:
    >
    > Network security: Do not store LAN Manager hash value on next password
    > change
    > Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2
    > authentication only and use NTLMv2 session security if the server supports
    > it; domain controllers refuse LM and NTLM (accept only NTLMv2
    > authentication).
    >
    > I know that the account policies of the domain take precedence over
    > everything but is that also true for other settings within the domain wide
    > policy. I want to be able to override the second setting in a sub OU.
    Will
    > I be able to do that??
    >
    > -SA.
    >
    >
Ask a new question

Read More

Policy Domain Authentication Windows