Windows 2000 Security Policy
This section describes the various security policy tools and their prioritization of security policy applications. By default, Group Policy is inherited and cumulative, and affects all computers in the Microsoft Active Directory® container. Group policies can be managed by using Group Policy Objects (GPOs), which are data structures that are attached in a specific hierarchy of selected Active Directory objects such as sites, domains, or organizational units (OUs). After creating these
the GPO, it may be applied in a standard order: LSDOU, indicating (1) locally, (2) site, (3) field, (4) OU. The applied policy priority is higher than the first applied policy priority. A domain policy is valid if a computer belongs to a domain and there is a conflict between the domain and the local computer policy. However, if a computer no longer belongs to a domain, the local group policy is applied.
When a computer joins a domain that implements Active Directory and Group Policy, it processes local GPOs. Note that the local GPO policy is processed even when the Block Policy Inheritance option is specified.
Account policies (passwords, account lockouts, and Kerberos policies) for the entire domain can be defined in the default domain GPO local policies (audit policies, user rights assignments, and security options) because they are defined in the default domain controller GPO The domain control controller (DC). For DCs, the settings defined in the default DC GPO take precedence over the settings defined in the default domain GPO. This way, if you configure user privileges in the default domain GPO (for example, "Add workstations in the domain"), there is no impact on the DCs in this domain.
There is an option to allow group policies to be enforced in a specific GPO, which prevents GPOs in lower-level Active Directory containers from replacing this policy. For example, if a specific GPO is defined at the domain level and an enforcement GPO is specified, the policies contained in the GPO will be applied to all OUs in this domain; that is, lower-level containers (OUs) cannot override this domain group Strategy.
Note: The Account Policy Security Zone receives the special handling that it takes effect on this domain computer. All DCs in this domain receive account policies from GPOs configured on the domain node, regardless of the location of the DC's computer objects. This ensures that a consistent account policy is enforced for all domain accounts. All non-DC computers in the domain can get the policies for local accounts on these computers according to the normal GPO hierarchy. By default, member workstations and servers enforce the policy settings configured in their local account domain GPOs, but they will take effect if there are other GPOs with a lower range that override the default settings.
Local Security Policy
Use local security policies to set security requirements on your local computer. It is primarily used for individual computers or for applying specific security settings to domain members. Local security policy settings have the lowest priority in an Active Directory managed network.
• Open Local Security Policy
1. Log in to the computer with administrator privileges.
2. On Windows 2000 Professional computers, the Administrative Tools are not displayed as options in the Start menu by default. To view the Administrative Tools menu options in Windows 2000 Professional, click Start, point to Settings, and then click Taskbar and Start Menu. In the Taskbar and Start Menu Properties window, click the Advanced tab. Select Show Administrative Tools in the Start Menu Settings dialog. Click the "OK" button to complete the setup.
3. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy. This will allow you to "local security settings" console.
Figure 1: Local Security Settings Domain Security Policy
Microsoft PKI has made many improvements in Windows Server 2008 and adds many features. The first of
Remember Win 98 and Win Me era, I heard friends want to reinstall the operating system, I will alway
Automatically close the program that stops responding For the program that stops responding, you ca
Microsoft has just released the June Community Technology Preview for Windows Server 2008, which wil
Windows 2000/XP installation driver compatibility issue
Use the Win 2003 distribution function to reduce the burden on the network management
Nine tricks make the hard drive faster and the system more stable
Windows Server 2008 new technology analysis
Change Win 2003 to workstation
How to use the system configuration utility
Ways to share ADSL under Windows 2000 system
Manage Windows Server 2003 Active Directory Tree
Let Windows 2000 services run better
Cross-Windows Server 2008 Remote Management Barrier
Forcibly ending the specified Windows Vista process
How to find the file deleted by win10
How can the win8 system enter the safe mode?
Prompt boot.wim file can not be installed how to do
Win7 dual screen display setting method
How to generate reports using Linux using the Sosreport command
Win10 build 10125 new version of Jump Lists designed
How to replace the U disk icon
Win10 system preview version desktop lower right corner evaluation copy watermark removal method