To modify policies in Domain, we use Group Policy Management  :
 (Note that we are on Domain Controller )
Start> Administrative Tools  >Group Policy Management

From the left panel, click to a "+" sign : Forest :Long.local >  Domain > Group Policy Objects
  • Default Domain Policy : Affect to all Domain (Domain Controller and Domain member/member server)
  • Default Domain Controller Policy : Only afftect to Domain Controller\
For example :

1/ Password Policy : 
We use Default Domain Policy > Right Click and choose Edit  : a new dialog appear

Computer configuration> Policies> Security Settings> Account Policies> Password Policies

affect all Domain .

2/ As you might know that user (not Domain Administrators) cannot log in locally on Domain Controller.
But there is a policy that you can do it , because you want this policy affect only to DC, so :

Right click : Default Domain Controller Policy > User Right Assignment> Allow logon locally .

----

The point is, when Administrator is on a member computer,  how can he manage a Domain ?

On :
Windows XP, 2K3, Vista : we use a software call Adminpak.msi
Windows 7 : Download and Install remote administration tool
Windows server 2008 : Server Manager> Right Click Features > Add Features > Check to :

  • Group Policies Management
  • Expand Remote Server Administration Tools > Role Administration Tools > AD DS & AD LDS Tools >  AD DS Tools> Check to Active Directory Administrative Center .
  • Add requirement features. Next .

=> Install .

----
* Admin can manage time and computer for user logon (when ? - which computers ?) by accessing Active Directory User and Computer> Double Click to User > Account : Modify Logon Hour and Log on to .

0 comments:

Post a Comment