This would be extremely unstable. Not only is the policy being changed by the GPO replicated through FRS, it is also being changed by the values replicating around for the Domain NC head though AD replication. I.E. The machine that got say a value of 10 for bad hits for lockout would replicate to the machine that had a value of say 5. Then the second would be changed back by policy and try to replicate to the first and back and forth.
What I am trying to say is instead of having one policy on one machine and another on another machine, you would have no idea at any given point what the policy was because it would be constantly changing on all DCs as they duked it out. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, November 16, 2004 3:01 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome Rick, That's correct. In fact we once tried having two policies at the domain level with different values for the password length. We then changed filtering so that one Domain controller got one policy and an other Domain controller got a different policy. We then tested how each behaved when processing password changes and each was using the different values. A cute setup, but of no practical use that I can think of. Alan Cuthbertson ----- Original Message ----- From: "Kingslan, Rick T." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 17, 2004 3:17 AM Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome > Only Password Policies created at the domain level are effective for > domain users, but they don't have to be in the default domain policy > object. Can you elaborate on this? I've only had one coffee this morning, and I don't think I follow what you're saying.... Are you saying that a GPO identified by a GUID other than the Default Domain Policy can apply Paasword, Kerb, Lockout, etc? Rick > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of ASB > Sent: Tuesday, November 16, 2004 7:44 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] How to Enable a Warning Message During Windows > Logon Welcome > > > The Default Domain Policy is the *only* affective policy for those > settings. > > That's not an accurate statement... > > Only Password Policies created at the domain level are effective for > domain users, but they don't have to be in the default domain policy > object. > > -ASB > > > On Sun, 7 Nov 2004 12:58:57 -0600, Brian Desmond > <[EMAIL PROTECTED]> wrote: > > The Default Domain Policy is the *only* affective policy for those > settings. > > > > > > > > Thanks. > > > > --Brian Desmond > > [EMAIL PROTECTED] > > Payton on the web! www.wpcp.org > > > > v - 773.534.0034 x135 > > f - 773.534.8101 > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:ActiveDir- > > > [EMAIL PROTECTED] On Behalf Of ASB > > > Sent: Sunday, November 07, 2004 11:32 AM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [ActiveDir] How to Enable a Warning Message During > Windows > > > Logon Welcome > > > > > > You would seem to be suggesting that multiple policies cannot be > > > applied... > > > > > > -ASB > > > > > > On Fri, 5 Nov 2004 21:19:38 -0600, Brian Desmond > > > <[EMAIL PROTECTED]> wrote: > > > > Oh? How do you go about setting password policies, lockout policies, > > > kerb policies, etc with this practice? > > > > > > > > Thanks. > > > > > > > > --Brian Desmond > > > > [EMAIL PROTECTED] > > > > Payton on the web! www.wpcp.org > > > > > > > > v - 773.534.0034 x135 > > > > f - 773.534.8101 > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] [mailto:ActiveDir- > > > > > [EMAIL PROTECTED] On Behalf Of Jared Manhat > > > > > Sent: Friday, November 05, 2004 3:07 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: RE: [ActiveDir] How to Enable a Warning Message During > > > Windows > > > > > Logon Welcome > > > > > > > > > > You should never modify the Default Domain Policy, instead create > a > > > new > > > > > one. > > > > > > > > > > Jared Manhat > > > > > Systems Administrator > > > > > Accutest Laboratories > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega > > > > > Sent: Friday, November 05, 2004 11:01 AM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: RE: [ActiveDir] How to Enable a Warning Message During > > > Windows > > > > > Logon Welcome > > > > > > > > > > Try under: > > > > > Default Domain Policy ->Computer Configuration ->Windows Settings > > > > > ->Security > > > > > Settings ->Local Policies ->Security Options ->Message Title for > users > > > > > attempting to logon > > > > > r/ > > > > > Lou > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Christine > > > Allen > > > > > Sent: Friday, November 05, 2004 10:52 AM > > > > > To: '[EMAIL PROTECTED]' > > > > > Subject: [ActiveDir] How to Enable a Warning Message During > Windows > > > > > Logon > > > > > Welcome > > > > > > > > > > Hello, > > > > > > > > > > Running windows 2k ad and I was wondering if there is a way via > group > > > > > policy > > > > > to Enable a Warning Message During Windows Logon Welcome. I know > > > there > > > > > is a > > > > > reg hack for it, but I won't want to touch 300 desktops. Thanks. > > > > > > > > > > Christine > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
