Clients' Security Policy!

[SauM]

I've a problem in my AD. I don't know how I can set for clients
to set their local security policy according to Domain Security Policy
not Domain Controller Security Policy! All of them (win2k pro or xp pro)
download their security settings from the Controller settings not
the Domain one! so if I want to don't let domain users to log on
to the controller itself, I'll disable using any client in the domain!
what do you think about this?

 

[Saltin]

The only possible way your client computers would be picking up the Domain Controller Policy over the Domain Policy would be if their accounts were in the Domain Controller OU.
Move the computers that arent DC's out of the Domain Controller OU.

 

[Woodie]

What Saltin said...I'm assuming you're using GPResult.exe to confirm exactly which GPOs are being applied to the client?