To me it seems intuitive that GP processing would behave the same way for DCs as it would for other computers. And to answer the question, yes I have confirmed this in testing numerous times over the years-most recently the day Ben asked the question.
Darren -----Original Message----- From: "Derek Harris" <[EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org Sent: 9/14/2006 4:11 PM Subject: RE: [ActiveDir] Block Inheritance on DC OU I did it a couple years ago, and found out that it does block the password policy. It seems intuitive that it shouldn't, but it does. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade Sent: Thursday, September 14, 2006 3:54 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Block Inheritance on DC OU You say "Obvious" but is this obvious? What happens in the case of password policy. This can only be set at the top level of the domain. Does this block actually prevent it being applied? I would guess that is does, but I wonder if any one has tested it or has any docs on what actually happens. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, September 13, 2006 6:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Block Inheritance on DC OU Well, the obvious effect is that it prevents domain-linked policies from being delivered correctly, including password policy. This is probably not desirable. I can't think of a good scenario where this would be useful. Darren ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Wednesday, September 13, 2006 9:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Block Inheritance on DC OU The company I am currently working for has "block inheritance" enabled for the Domain Controller's OU and apparently whoever enabled this setting is no longer with the company (or they won't fess up to why they did this). Although I am curious, what sort of ramifications does enabling "block inheritance" on the Domain Controller's OU pose? And what reason would [truncated by sender] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
