Subject: Re: Windows 2000 Security Policies...
From: Greg Gonzalez (ghgINTERCERVE.COM)
Date: Thu May 04 2000 - 11:00:16 CDT


There is no way I am aware of to override this, unfortunately. If a member
server logs into a domain with domain policies specified, those policies
will take precedence over the local policies.
-greg gonzalez

-----Original Message-----
From: Ratz, Thomas (US - Hermitage) [mailto:tratzDTTUS.COM]
Sent: Wednesday, May 03, 2000 4:34 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Windows 2000 Security Policies...

I have been testing the impact of various security policy settings in Win2K
and am trying to determine - for a fact - just how the domain vs. local
security policies interact with each other.

According to numerous documentation sources as well as actual
implementation, setting domain security policies on a domain controller will
override the local security policies of any member servers that join the domain.

The local policy configuration screens even tell you that if domain policies
are set, they will override the local ones.

My questions are:

1) Does anyone know if there is a way to override this "override?" There are
going to be times where specific member servers may need to vary in security
policy (either more or less restrictive) from the domain's security policy
to which they are joined.

2) Has anyone already had successful experience in implementing various
levels of security policies and having them disseminate throughout the
domain and then modifying specific machines to suit specific needs?

Surely, Microsoft's answer is not that a Domain security policy should be
an absolute blanket policy for every machine joined to the domain.

Thanks.

TMR