Results 1 to 9 of 9

Thread: domain wide account policy

  1. #1
    Regular Member
    Join Date
    Aug 2006
    Posts
    103

    domain wide account policy

    Guys, I am trying to set up a domain wide account policy but I am unsure of how to do this. Can someone please help me out? I have active directory installed on the server and wins. Do I use MMC? I appreciate any help.

    thank you.

  2. #2
    Regular Member
    Join Date
    Aug 2006
    Posts
    103
    Is this what I need to do:

    Add the Security Templates Snap-In to a Microsoft Management Console (MMC) Console
    To add the Security Templates snap-in to a MMC console, follow these steps:
    1. Click Start, and then click Run.
    2. In the Open box, type mmc, and then click OK.
    3. On the File menu, click Add/Remove Snap-in.
    4. In the Add/Remove Snap-in dialog box, click the Standalone tab, and then click Add.
    5. In the Add Standalone Snap-in dialog box, click Security Templates, click Add, click Close, and then click OK.
    6. In the console tree, expand Security Templates, and then expand %SystemRoot%\Security\Templates.

    A list of predefined security templates and their descriptions appears in the right pane.

    Create and Define a New Security Template
    To define a new security template, follow these steps:
    1. In the console tree, expand Security Templates.
    2. Right-click %SystemRoot%\Security\Templates, and then click New Template.
    3. In the Template name box, type a name for the new template.

    If you want, you can type a description in the Description box, and then click OK.

    The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.
    4. To define Account Policies, Local Policies, or Event Log policies, follow these steps: a. In the console tree, expand the component that contains the security setting that you want to configure.

    For example, to set a maximum password age policy, expand Account Policies.
    b. In the right-pane, double-click the security setting that you want to configure.

    For example, to set the maximum password age policy, double-click Password Policy, and then double-click Maximum password age.
    c. Click to select the Define this policy setting in the template check box, specify the option or setting that you want as appropriate to the security setting, and then click OK.

    5. To define a Restricted Groups policy, follow these steps: a. Right-click Restricted Groups, and then click Add Group.
    b. Click Browse.
    c. In the Select Groups dialog box, type the name of the group that you want to restrict access, click OK, and then click OK.
    d. In the GroupName Properties dialog box, under Members of this group, click Add Members to add the members that you want to the group.

    To add this group as a member of another group, under This group is a member of, click Add Groups.
    e. Click OK.

    6. To define a System Services policy, follow these steps: a. Expand System Services.
    b. In the right pane, double-click the service that you want to configure.
    c. Specify the options that you want, and then click OK.

    7. To define security for registry keys, follow these steps: a. Right-click Registry, and then click Add Key.
    b. In the Select Registry Key dialog box, click the registry key that you want to define security for, and then click OK.
    c. In the Database Security for RegistryKey dialog box, specify the permissions that you want for the registry key, and then click OK.
    d. In the Add Object dialog box, specify how you want permissions on this key inherited, click OK, and then click OK.

    8. To define security for files or folders, follow these steps: a. Right-click File System, and then click Add File.
    b. In the Add a file or folder dialog box, click a file or folder that you want to add security to, and then click OK.
    c. In the Database Security for FileName or FolderName dialog box, specify the permissions that you want, click OK, and then click OK.

  3. #3
    Regular Member
    Join Date
    Aug 2006
    Posts
    103
    is there a way to do this manually, If so, can someone please help me ouy.

  4. #4
    Regular Member
    Join Date
    Aug 2006
    Posts
    103
    Can I please get an answer. I would appreciate it.

  5. #5
    Advanced Member
    Join Date
    Dec 2001
    Location
    NY
    Posts
    688
    Be patient, it takes time for the right people to come along and read your posts and have time to answer.

    What kind of policies do you want? Another way of enforcing policies in the domain is to use group policy. Without knowing what you want to accomplish it is hard to know how to go about doing it.

  6. #6
    Regular Member
    Join Date
    Aug 2006
    Posts
    103
    If the only thing that can be done like password length, password age, etc. then that or if more can be done like taking away the way a users desktop looks like than how would I do that please. I appreciate the help.

  7. #7
    Advanced Member
    Join Date
    Dec 2001
    Location
    NY
    Posts
    688
    Well group policy will not really help you with user account settings such as password requirments. You will need to edit the domain security policy. Go to Start Administrative Tools, Domain Security Policy. Poke around and find what settings you want to change. Mostly that will have the settings for password requirments and such.

    Group Policy can be accessed by right clicking on the domain root in AD Users and Computers and choosing properties, then the Group Policy tab. Again you can poke around in the default group policy and see if settings there will accomplish what you need. Here you will be able to do things like change where certain folders are stored through folder redirection.

    You can create a user profile for all users and force it to be used. You can also disable the users from being able to change the profile settings. It can be done best with group policy, but there are other mehtods such as renaming the ntuser.dat file in the user profile to ntuser.man to make it a mandatory profile.

  8. #8
    Regular Member
    Join Date
    Aug 2006
    Posts
    103
    thank you very much for answering my question Erik. I really appreciate your time and help.

  9. #9
    Regular Member
    Join Date
    Jan 2009
    Posts
    112
    modify the default domain policy using the group policy enterprise console

    http://www.microsoft.com/downloads/d...displaylang=en

Similar Threads

  1. windows server 2003 setup
    By Aznboy in forum Networking Forum
    Replies: 31
    Last Post: 12-14-06, 07:15 AM
  2. Help adding client to network
    By zodiax in forum Networking Forum
    Replies: 6
    Last Post: 07-04-06, 06:17 AM
  3. BF2 Multiplayer / LAN
    By BaJaBoy in forum Gaming
    Replies: 5
    Last Post: 02-11-06, 01:07 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •