On the Scripting Center at Microsoft.com (http://www.microsoft.com/technet/scriptcenter). There are a bunch of useful scripts to look at. First look at resolving password age and add some logic to that that says as the PW ages so much flip the flag for user must change password at next logon. Apply the script to a GPO at the OU level. This will allow you to have different PW policy for OUs. The script will have to be more complex to match the user experience to the default (i.e. message that PW will change in x days...)
Hth, Kevin -----Original Message----- From: Pennell, Ronald B. [mailto:rpennell@;ida.org] Sent: Friday, November 01, 2002 2:08 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password Policy for Users Recently took a windows 2000 security class and was told that we can only have one password policy for the domain. Other who have taken class at the SANS Institue, say that's not true. I have not been able to find where in an OU where you can set a password policy for that OU. Realize that I can set policies at any level, but, only one for passwords. Can someone shed some light on this for me. Running W2K SP2 (Native). Single Domain. Ron Pennell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
