VLAN / local policy settings... session time-out.

mrthingyx · 17 Feb 2009 at 16:26

Hi, guys.

Is there a way of enforcing a session time-out on a specific user group within Active Directory?

If, for instance, an entire domain/global policy is set to X passwords, Y lockout and a time-out of 10 minutes, is it possible to screw down a particular group of users to a different value?

Many thanks for any help!

Confused · 17 Feb 2009 at 16:35

You can apply a group policy to a specific OU, which will have these different settings applied.

mrthingyx · 17 Feb 2009 at 16:41

Confused said:
You can apply a group policy to a specific OU, which will have these different settings applied.

I thought as much... I just wasn't sure if it would work with the 'time-out' function.

Gigi · 17 Feb 2009 at 16:47

If i remember correctly, you can have your domain wide GPO and if you had a specific OU GPO then the OU GPO would take precedence over the domain-wide GPO.

Hopefully that makes sense!

Burnsy2023 · 18 Feb 2009 at 09:09

Good practice says that you're not supposed to put many setting in the global policy. Many smaller policies on OUs are preferred.

mrthingyx · 18 Feb 2009 at 10:38

Burnsy2023 said:
Good practice says that you're not supposed to put many setting in the global policy. Many smaller policies on OUs are preferred.

If you meet a DA who actually applies that logic, please introduce me to them so I can shake their hand and buy them the beverage of their choice.