You can set an account policy on the individual OUs. This will only take place for the local machines SAMs. This is under AD 1.0 though, I haven't done this in 2.0 yet.
http://support.microsoft.com/default.aspx?scid=kb;en-us;255550 - look under exceptions to the rule. Marc Zukerman ----- Original Message ----- From: "Myrick, Todd (NIH/CIT)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 27, 2003 2:02 PM Subject: [ActiveDir] GPO's and AD... > We started to do some testing in our LAB to confirm a behavior we witnessed > on Workstations and Servers in a AD domain. What we wanted to confirm is > that if you set a domain wide account policy, that the policy will affect > not only the AD database for password and account standards, but > workstations and servers local SAM databases as well. Using the Block > Inheritance policy allows you to block the inheritance on computers that are > in OU's with the policy enforced it appears. What we want to avoid is > setting account policies on Local SAM databases and causing local accounts > passwords to expire etc. > > Do any of you have feedback? > > Toddler > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
