.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Windows 8 Policy Conflict Between Active Directory and Exchange
If a Windows 8 machine has policies from Active Directory as well as Exchange ActiveSync, the policies that win in case of conflict are the ones that are most restrictive. Here's why.
John Savill
February 13, 2013
1 Min Read
Q: When a Windows 8 machine is part of an Active Directory (AD) domain and is also connected to an Exchange mailbox with ActiveSync policies, which policy wins if there's a conflict?
A: Exchange ActiveSync allows policies such as security and lock-out requirements to be enforced on client machines. These settings can also be configured using Group Policy. Like most security implementations, if there's a conflict between AD Group Policy and Exchange ActiveSync, then the most restrictive policy wins.
There is one exception: The password complexity requirements set by Group Policy always win even if they're less complex than the ActiveSync policy. However, even though the winning policy is less complex than required by ActiveSync, the ActiveSync policy will still report compliance on the machine. Microsoft confirms this in a TechNet blog post.
Also check out the FAQ answer "Doing an ActiveSync Remote Wipe of a Windows 8 or Windows RT Device."
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
