JSI Tip 2946. Windows 2000 Domain Security Policy.

Jerold Schulman

October 23, 2000

1 Min Read
ITPro Today logo

In Windows NT 4.0, Domain Security Policy referred to User Password, Account Policy, Audit Policy, and User Rights.

In Windows 2000, the Security Settings snap-in in the Group Policy Editor handles Domain Security Policy.

To configure domain wide security, use Active Directory Users and Computers, right click the domain object, and press Properties. On the Group Policy tab, you can see the linked GPOs. If Default Domain Policy is not linked, Add it. Edit the Default Domain Policy.

If you navigate to Computer ConfigurationWindows SettingsSecurity Settings, the following nodes can be used:

Account Policies   Password Policy   Account Lockout Policy   Kerberos PolicyLocal Policies   Audit Policy   User Rights Assignment   Security Options Event LogRestricted GroupsSystem ServicesRegistryFile SystemIP Security Policies on Active DirectoryPublic Key Policies

Group Policy is configured via GPOs in a heirarchy such as Sites, Domain, or Organizational Units and applied in a LSDOU order:


The later policies take precedence over earlier applied policy.

Local policy is applied first. When this conflicts with a Domain policy, the Domain policy prevails.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like