Actually I did it once. This way you can enforce different password complexity requirements for domain accounts vs. machine local accounts by applying stricter password complexity to GPO that is linked to Domain Controllers OU.
This is rather simple: in Default Domain Controller Security policy you block inheritance and define different password length/complexity then in default domain policy. Standalone computers will receive the security settings from default domain policy and DC from it's own. Of course you must watch out for other settings defined in the default domain GPO. Never found any use for this, but it was one of those nice-to-know things. Guy -- Smith & Wesson - the original point and click interface On Mon, 2004-03-15 at 07:56, joe wrote: > Yes they do. The default domain policy is where your domain security policy > is located at. > > What implications are there for blocking it... I am not sure, never tried... > Let us know. :o) > > > ------------- > http://www.joeware.net (download joeware) > http://www.cafeshops.com/joewarenet (wear joeware) > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shukovsky Jr > Sent: Thursday, February 26, 2004 12:12 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Group Policy > > Do W2k domain controllers need to process default domain policy as well as > default dc policy? > If so and the DC's OU is set to block default domain policy what > implications will/can this have? > > thanks in advance. > > > > This E-mail, including any attachments, may be intended solely for the > personal and confidential use of the sender and recipient (s) named above. > This message may include advisory, consultative and/or deliberative material > and, as such, would be privileged and confidential and not a public > document. Any Information in this e-mail identifying a client of the > department of Human Services is confidential. If you have received this > e-mail in error, you must not review, transmit, convert to hard copy, copy, > use or disseminate this e-mail or any attachments to it and you must delete > this message. You are requested to notify the sender by return e-mail. > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
