Skip navigation

JSI Tip 2946. Windows 2000 Domain Security Policy.

In Windows NT 4.0, Domain Security Policy referred to User Password, Account Policy, Audit Policy, and User Rights.

In Windows 2000, the Security Settings snap-in in the Group Policy Editor handles Domain Security Policy.

To configure domain wide security, use Active Directory Users and Computers, right click the domain object, and press Properties. On the Group Policy tab, you can see the linked GPOs. If Default Domain Policy is not linked, Add it. Edit the Default Domain Policy.

If you navigate to Computer Configuration\Windows Settings\Security Settings, the following nodes can be used:

Account Policies
   Password Policy
   Account Lockout Policy
   Kerberos Policy
Local Policies
   Audit Policy
   User Rights Assignment
   Security Options 
Event Log
Restricted Groups
System Services
File System
IP Security Policies on Active Directory
Public Key Policies
Group Policy is configured via GPOs in a heirarchy such as Sites, Domain, or Organizational Units and applied in a LSDOU order:


The later policies take precedence over earlier applied policy.

Local policy is applied first. When this conflicts with a Domain policy, the Domain policy prevails.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.