# Domain Security Policy



## romlinsys (Feb 8, 2008)

I havd a windows server 2003 domain that I need to configure the Password security options, but when I go into the local security policies to change it they are greyed out and I can't make the changes I need..

I also have a problem with the desktop settings for Automatic updates and screensaver..

It appears to me that the server has a setting that is over riding me, but haven't been able to find it..

Any help would be greatly appreciated and would help reduce the amount of Advil I will need..


----------



## Squashman (Apr 4, 2003)

You have conflicting information. Your thread title says Domain policy but your description says local security policy. Which do you want to change?
You should change domain policies by going into Active Directory Users and Computers.


----------



## centauricw (Jun 26, 2010)

On a domain controller, there is no such concept as a "local system" because it's now a critical part of the domain. You can set the password policy from the Domain Controller Security policy, it will only apply to the domain controllers, or the Domain Security Policy, which will apply the changes to the domain controller and all member servers.


----------



## romlinsys (Feb 8, 2008)

Squashman said:


> You have conflicting information. Your thread title says Domain policy but your description says local security policy. Which do you want to change?
> You should change domain policies by going into Active Directory Users and Computers.


Sorry for the confusion..

It is kind of hard to explain..

I have under the administrator options a link that says local Securty policy and I have also tried the Global policy editor (GPEDIT.MSC).. When I run them I can see the area where you can specify the password duration, complexity, and length..

But when I click on them they are greyed out and I can't change anything.. Also on each desktop I can't change the screensaver time or automatic updates options.. There may be more, but I haven't found anything else..

I know it must be controlled by the server, but I just can't find it..

Is there another editor I am missing??

I know I don't have all the domain options under administrator tools.

Thanks


----------



## romlinsys (Feb 8, 2008)

centauricw said:


> On a domain controller, there is no such concept as a "local system" because it's now a critical part of the domain. You can set the password policy from the Domain Controller Security policy, it will only apply to the domain controllers, or the Domain Security Policy, which will apply the changes to the domain controller and all member servers.


Thanks.. I guess I wasn't to clear..

See my previous post for a better explanation


----------



## Squashman (Apr 4, 2003)

gpedit does not stand for Global Policy editor. Group Policy Editor.

Read this.
http://www.petri.co.il/working_with_group_policy.htm


----------



## anandan07 (Jul 12, 2010)

If you are trying to change the settings in a domain controller, u have to edit the default domain controller policy (group policy) for changing the password policy.


----------

