We started to do some testing in our LAB to confirm a behavior we witnessed on Workstations and Servers in a AD domain. What we wanted to confirm is that if you set a domain wide account policy, that the policy will affect not only the AD database for password and account standards, but workstations and servers local SAM databases as well. Using the Block Inheritance policy allows you to block the inheritance on computers that are in OU's with the policy enforced it appears. What we want to avoid is setting account policies on Local SAM databases and causing local accounts passwords to expire etc.
Do any of you have feedback? Toddler List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
