Disabling the Default Domain Policy

Archived from groups: microsoft.public.win2000.group_policy (More info?)

All,

Does anyone know what the effects are of disabling the
default domain policy at the domain level?

Thanks.
4 answers Last reply
More about disabling default domain policy
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi Josh

    Effect is that Domain wide policy doesn't apply. It's not a good thing to
    do. Why the question?

    Kind regards
    --
    Mark Renoden [MSFT]
    Windows Platform Support Team
    Email: markreno@online.microsoft.com

    Please note you'll need to strip ".online" from my email address to email
    me; I'll post a response back to the group.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Josh" <anonymous@discussions.microsoft.com> wrote in message
    news:27f0f01c4645c$16bc3b20$a601280a@phx.gbl...
    > All,
    >
    > Does anyone know what the effects are of disabling the
    > default domain policy at the domain level?
    >
    > Thanks.
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Josh-
    That's assuming of course, that there isn't another GPO linked to the
    domain. I've had this conversation with some other folks before and there is
    this "fear" that there is something magical about the Def. Domain Policy and
    Def. DC Policy and that disabling them is bad. I haven't found that to be
    the case. You just need to be aware of what the effects are, as Mark
    indicates. If you set account policy, for example, through the Default
    Domain Policy, and then you disable the DDP, that account policy won't be
    undone--it just won't be change-able until you have another domain-linked
    GPO available.

    --
    Darren Mar-Elia
    MS-MVP-Windows Management
    http://www.gpoguy.com


    "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
    news:Obh%2307GZEHA.728@TK2MSFTNGP09.phx.gbl...
    > Hi Josh
    >
    > Effect is that Domain wide policy doesn't apply. It's not a good thing to
    > do. Why the question?
    >
    > Kind regards
    > --
    > Mark Renoden [MSFT]
    > Windows Platform Support Team
    > Email: markreno@online.microsoft.com
    >
    > Please note you'll need to strip ".online" from my email address to email
    > me; I'll post a response back to the group.
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    > "Josh" <anonymous@discussions.microsoft.com> wrote in message
    > news:27f0f01c4645c$16bc3b20$a601280a@phx.gbl...
    > > All,
    > >
    > > Does anyone know what the effects are of disabling the
    > > default domain policy at the domain level?
    > >
    > > Thanks.
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Well the reason I asked is because I have a domain were
    the default domain policy is disabled and no policy is
    linked to the domain. But there are still account lockout
    after a certain amount of bad tries. Where is this policy
    coming from?
    >-----Original Message-----
    >Josh-
    >That's assuming of course, that there isn't another GPO
    linked to the
    >domain. I've had this conversation with some other folks
    before and there is
    >this "fear" that there is something magical about the
    Def. Domain Policy and
    >Def. DC Policy and that disabling them is bad. I haven't
    found that to be
    >the case. You just need to be aware of what the effects
    are, as Mark
    >indicates. If you set account policy, for example,
    through the Default
    >Domain Policy, and then you disable the DDP, that account
    policy won't be
    >undone--it just won't be change-able until you have
    another domain-linked
    >GPO available.
    >
    >--
    >Darren Mar-Elia
    >MS-MVP-Windows Management
    >http://www.gpoguy.com
    >
    >
    >
    >"Mark Renoden [MSFT]" <markreno@online.microsoft.com>
    wrote in message
    >news:Obh%2307GZEHA.728@TK2MSFTNGP09.phx.gbl...
    >> Hi Josh
    >>
    >> Effect is that Domain wide policy doesn't apply. It's
    not a good thing to
    >> do. Why the question?
    >>
    >> Kind regards
    >> --
    >> Mark Renoden [MSFT]
    >> Windows Platform Support Team
    >> Email: markreno@online.microsoft.com
    >>
    >> Please note you'll need to strip ".online" from my
    email address to email
    >> me; I'll post a response back to the group.
    >>
    >> This posting is provided "AS IS" with no warranties,
    and confers no
    >rights.
    >>
    >> "Josh" <anonymous@discussions.microsoft.com> wrote in
    message
    >> news:27f0f01c4645c$16bc3b20$a601280a@phx.gbl...
    >> > All,
    >> >
    >> > Does anyone know what the effects are of disabling the
    >> > default domain policy at the domain level?
    >> >
    >> > Thanks.
    >>
    >>
    >
    >
    >.
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Josh-
    Whatever was sent down to the DCs is still in place. Account policy is
    stored locally on the DC, and its not one of those policies that gets
    "un-tattoo'd" when you remove the GPO. If you fire up the local GPO editor
    (gpedit.msc) on one of those DCs, you'll see the effective policy.

    --
    Darren Mar-Elia
    MS-MVP-Windows Management
    http://www.gpoguy.com


    "Josh" <anonymous@discussions.microsoft.com> wrote in message
    news:29cce01c46509$dd55df40$a301280a@phx.gbl...
    > Well the reason I asked is because I have a domain were
    > the default domain policy is disabled and no policy is
    > linked to the domain. But there are still account lockout
    > after a certain amount of bad tries. Where is this policy
    > coming from?
    > >-----Original Message-----
    > >Josh-
    > >That's assuming of course, that there isn't another GPO
    > linked to the
    > >domain. I've had this conversation with some other folks
    > before and there is
    > >this "fear" that there is something magical about the
    > Def. Domain Policy and
    > >Def. DC Policy and that disabling them is bad. I haven't
    > found that to be
    > >the case. You just need to be aware of what the effects
    > are, as Mark
    > >indicates. If you set account policy, for example,
    > through the Default
    > >Domain Policy, and then you disable the DDP, that account
    > policy won't be
    > >undone--it just won't be change-able until you have
    > another domain-linked
    > >GPO available.
    > >
    > >--
    > >Darren Mar-Elia
    > >MS-MVP-Windows Management
    > >http://www.gpoguy.com
    > >
    > >
    > >
    > >"Mark Renoden [MSFT]" <markreno@online.microsoft.com>
    > wrote in message
    > >news:Obh%2307GZEHA.728@TK2MSFTNGP09.phx.gbl...
    > >> Hi Josh
    > >>
    > >> Effect is that Domain wide policy doesn't apply. It's
    > not a good thing to
    > >> do. Why the question?
    > >>
    > >> Kind regards
    > >> --
    > >> Mark Renoden [MSFT]
    > >> Windows Platform Support Team
    > >> Email: markreno@online.microsoft.com
    > >>
    > >> Please note you'll need to strip ".online" from my
    > email address to email
    > >> me; I'll post a response back to the group.
    > >>
    > >> This posting is provided "AS IS" with no warranties,
    > and confers no
    > >rights.
    > >>
    > >> "Josh" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >> news:27f0f01c4645c$16bc3b20$a601280a@phx.gbl...
    > >> > All,
    > >> >
    > >> > Does anyone know what the effects are of disabling the
    > >> > default domain policy at the domain level?
    > >> >
    > >> > Thanks.
    > >>
    > >>
    > >
    > >
    > >.
    > >
Ask a new question

Read More

Policy Default Domain Microsoft Windows