ARCHIVED: How do I override settings in the Default Domain Policy for my OU?
Note: This information is intended for registered local support providers (LSPs) at Indiana University. If you are an IU LSP and have questions regarding this content, email UITS Tier 2 Support; otherwise, contact your campus Support Center.
Blocking the entire Default Domain Policy for your organizational unit (OU) is not advisable. However, a certain setting within the Default Domain Policy can sometimes cause issues within your department. You can create a group policy that will override one or several of those settings.
This example shows an override that changes the policy setting "Account lockout threshold" from 25 invalid logon attempts to 20. Keep in mind that you are not limited to overriding only a single setting in your GPO.
- If it is not already installed, install the Group Policy
Management Console with Service Pack 1 from this page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
- From the menu, click or , then , and then .
- Check the policy setting for Default Domain Policy to make sure
you want to change it from its default:
- In the left window, navigate to
ads.iu.edu
and find . - In the left window, click . In the right window, click the tab.
- Locate the particular setting you wish to change. In the example, this is "Account lockout threshold". The path for this is , then , then , then , then , and then . Note the setting is for "25 invalid logon attempts", which, for this example, will change 20.
- In the left window, navigate to
- In the left window, navigate to the OU for which you wish to override the Default Domain Policy. This can be at your main OU, or one of your sub-OUs.
- Right-click your chosen OU, and select .
- Name the GPO. It should follow the standard naming
convention of
campus-department-name_of_policy
, for example:IU-LSPS-number_of_invalid_logon_attempts
- Once it's created, right-click the GPO in the left window, and select .
- In the
Group Policy Object Editor
for your newly created GPO, drill down to the policy setting you want to change.In the example, the path is
, then , then , then , and then . In the right window, you should see the setting for . - In the right window, right-click and select .
- Make sure
20
, and then click . is checked,
change the value to the box to - Close the
Group Policy Object Editor
window, and then close theGroup Policy Management Console
window.
Your settings will affect every computer in the OU to which the change is applied. To apply the settings to a subset of computers in the OU, you will need to modify the Security Filtering and/or WMI Filtering for your Group Policy Object.
This is document attx in the Knowledge Base.
Last modified on 2021-09-07 17:15:03.