Article ID: 259576 - View products that this article applies to.
This article was previously published under Q259576
Domain controllers pull some security settings only from group policy objects linked to the root of the domain. Because domain controllers share the same account database for the domain, certain security settings must be set uniformly on all domain controllers. This ensures that the members of the domain have a consistent experience regardless of which domain controller they use to log on. Windows 2000 accomplishes this task by allowing only certain setting in the group policy to be applied to domain controllers at the domain level. This group policy behavior is different for member server and workstations.
The following settings are applied to domain controllers in Windows 2000 only when the group policy is linked to the Domain container:
The following settings are applied to Windows Server 2003-based domain controllers only when the group policy is linked to the domain container. (The settings are located in Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options.)
These settings from group policy objects are not applied on the Domain Controllers organizational unit because a domain controller can be moved out of the Domain Controllers organizational unit and into a different organizational unit. Using the Domain container allows these setting to be applied regardless of in which organizational unit the domain container resides.
The process for applying these settings on a domain controller includes:
Article ID: 259576 - Last Review: February 28, 2007 - Revision: 4.4