| Author |
Message |
Will Guest
|
Posted: Tue May 16, 2006 11:01 am Post subject: Recommended Group Policy for Mixed W2K W2K3 Domain Controlle |
|
|
When you have domain controllers that are both Windows 2000 and Windows 2003
in the same domain, what is the recommended best practice for how to apply
group policy for Default Domain Controller Security Policy? Should we put
the W2K3 DCs into a separate OU under Domain Controllers, and then attach a
security policy to that OU that is specific to Windows 2003?
Some settings just cannot be shared between the two operating systems. For
example, some security policies for Windows 2003 need to authorize Network
Service and Local Service users, which exist only in Windows 2003.
--
Will |
|
Jorge Silva Guest
|
Posted: Wed May 17, 2006 3:09 pm Post subject: Re: Recommended Group Policy for Mixed W2K W2K3 Domain Contr |
|
|
Hi
Policies not compatible with older systems won't be applied.
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Will" <westes-usc@noemail.nospam> wrote in message
news:BZSdnY9of6k15fTZnZ2dnUVZ_tqdnZ2d@giganews.com...
| Quote: | When you have domain controllers that are both Windows 2000 and Windows 2003
in the same domain, what is the recommended best practice for how to apply
group policy for Default Domain Controller Security Policy? Should we put
the W2K3 DCs into a separate OU under Domain Controllers, and then attach a
security policy to that OU that is specific to Windows 2003?
Some settings just cannot be shared between the two operating systems. For
example, some security policies for Windows 2003 need to authorize Network
Service and Local Service users, which exist only in Windows 2003.
--
Will
|
|
|
Will Guest
|
Posted: Thu May 18, 2006 1:31 am Post subject: Re: Recommended Group Policy for Mixed W2K W2K3 Domain Contr |
|
|
That's not my question at all. If you put into a group policy that IS
respected on both W2K and W2K3 a value that only one of the two OS can use,
then you get a failure message.
For example, if you set the Login as a Service with the values Network
Service and Local Service, which are userids only known to Windows 2003,
your Windows 2000 machines will fail to apply group policy, complaining that
there are unidentified objects in the policy.
We solved this problem - at Microsoft's suggestion - for non-domain
controllers by having a separate OU for Windows 2003 machines. I'm asking
if there is a similar suggested division for domain controllers.
--
Will
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:#tH6WJaeGHA.2076@TK2MSFTNGP04.phx.gbl...
| Quote: | Hi
Policies not compatible with older systems won't be applied.
--
I hope that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Will" <westes-usc@noemail.nospam> wrote in message
news:BZSdnY9of6k15fTZnZ2dnUVZ_tqdnZ2d@giganews.com...
When you have domain controllers that are both Windows 2000 and Windows 2003
in the same domain, what is the recommended best practice for how to apply
group policy for Default Domain Controller Security Policy? Should we put
the W2K3 DCs into a separate OU under Domain Controllers, and then attach a
security policy to that OU that is specific to Windows 2003?
Some settings just cannot be shared between the two operating systems. For
example, some security policies for Windows 2003 need to authorize Network
Service and Local Service users, which exist only in Windows 2003.
--
Will
|
|
|