I am in the process of implementing a new security policy. In order to test the effects of the changes I created a test OU with test users and machines.
I changed the password policy, however, the policy did not occur on the test machines. When I did a "gpresult" I notice that the Local Group Policy was taking effect over the Domain Group Policy. How do I make it so that the Domain G.P. overrides the local G.P.?
Here's the gpresult output...
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, July 27, 2005 at 3:08:23 PM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Not supported
###############################################################
User Group Policy results for:
CN=security2,OU=Test OU,DC=MintelChicago,DC=usdmm,DC=com
Domain Name: MINTELCHICAGO
Domain Type: Windows 2000
Site Name: Chicago
Roaming profile: (None)
Local profile: C:\Documents and Settings\security2
The user is a member of the following security groups:
MINTELCHICAGO\Domain Users
\Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
###############################################################
Last time Group Policy was applied: Wednesday, July 27, 2005 at 3:07:42 PM
Group Policy was applied from: cougar.MintelChicago.usdmm.com
===============================================================
The user received "Registry" settings from these GPOs:
Default Domain Policy
###############################################################
Computer Group Policy results for:
CN=MINTEL-ZWNRDNC7,OU=Test OU,DC=MintelChicago,DC=usdmm,DC=com
Domain Name: MINTELCHICAGO
Domain Type: Windows 2000
Site Name: Chicago
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MINTELCHICAGO\MINTEL-ZWNRDNC7$
MINTELCHICAGO\Domain Computers
###############################################################
Last time Group Policy was applied: Wednesday, July 27, 2005 at 2:58:31 PM
Group Policy was applied from: cougar.MintelChicago.usdmm.com
===============================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Default Domain Policy
Windows Updates
===============================================================
The computer received "Security" settings from these GPOs:
Local Group Policy
Default Domain Policy
Password policy
===============================================================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Default Domain Policy
I changed the password policy, however, the policy did not occur on the test machines. When I did a "gpresult" I notice that the Local Group Policy was taking effect over the Domain Group Policy. How do I make it so that the Domain G.P. overrides the local G.P.?
Here's the gpresult output...
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Wednesday, July 27, 2005 at 3:08:23 PM
Operating System Information:
Operating System Type: Professional
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Not supported
###############################################################
User Group Policy results for:
CN=security2,OU=Test OU,DC=MintelChicago,DC=usdmm,DC=com
Domain Name: MINTELCHICAGO
Domain Type: Windows 2000
Site Name: Chicago
Roaming profile: (None)
Local profile: C:\Documents and Settings\security2
The user is a member of the following security groups:
MINTELCHICAGO\Domain Users
\Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
\LOCAL
###############################################################
Last time Group Policy was applied: Wednesday, July 27, 2005 at 3:07:42 PM
Group Policy was applied from: cougar.MintelChicago.usdmm.com
===============================================================
The user received "Registry" settings from these GPOs:
Default Domain Policy
###############################################################
Computer Group Policy results for:
CN=MINTEL-ZWNRDNC7,OU=Test OU,DC=MintelChicago,DC=usdmm,DC=com
Domain Name: MINTELCHICAGO
Domain Type: Windows 2000
Site Name: Chicago
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MINTELCHICAGO\MINTEL-ZWNRDNC7$
MINTELCHICAGO\Domain Computers
###############################################################
Last time Group Policy was applied: Wednesday, July 27, 2005 at 2:58:31 PM
Group Policy was applied from: cougar.MintelChicago.usdmm.com
===============================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Default Domain Policy
Windows Updates
===============================================================
The computer received "Security" settings from these GPOs:
Local Group Policy
Default Domain Policy
Password policy
===============================================================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Default Domain Policy
