Also, keep in mind that password policy is a machine policy, so in any case, it's not being applied to user accounts--but rather machines. In the case of domain password policy, the machine(s) actually processing the password policy settings are your DCs, which of course house your domain accounts. And, it is an all or nothing thing, so even if you wanted to filter the GPO by user account, you really couldn't.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Wednesday, September 29, 2004 6:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password Policy question
The password policy is a domain wide thing. You can't restrict it to certain OUs. Whatever you set it as is what it will be. Would be helpful to apply it to certain OUs, but password policies are there to protect the entire environment, so objects that would not be using the same policy would be opening you up (that is why it is a domain wide thing).

From: [EMAIL PROTECTED] on behalf of Steve Schofield
Sent: Wed 9/29/2004 8:13 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Password Policy question
We've implemented a domain wide password policy using the default domain policy, this applies to authenticated users. One question I'm not sure about is I have an OU that all Admin IDs and service accounts reside in. We've applied block inheritance on this OU but the Default Domain Policy is still being applied and password restrictions are being enforced. This might be my misunderstanding but shouldn't block inheritance stop this from applying to the user IDs in this OU?
Steve
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
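
Added example, not part of the original thread: a PowerShell check that reads the password and lockout settings from the domain head object, which holds the single domain-wide set discussed above, and reports whether Block Inheritance is set on the accounts OU. It assumes the ActiveDirectory RSAT module is installed; the OU distinguished name is a placeholder.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical OU holding admin and service accounts; replace with your own DN.
$AdminOu = 'OU=Admins,DC=example,DC=com'

function ConvertFrom-AdInterval {
    param([Int64]$Value)
    # AD stores these intervals as negative 100-ns ticks.
    # Int64.MinValue is the stored form of "no limit" and cannot be negated.
    if ($Value -eq [Int64]::MinValue) { return 'unlimited' }
    return [TimeSpan]::FromTicks([Math]::Abs($Value)).ToString()
}

# The values are attributes of the domain head object: one set per domain,
# independent of which OU a user account sits in.
$domainDn = (Get-ADDomain).DistinguishedName
$attrs = 'minPwdLength', 'pwdHistoryLength', 'pwdProperties', 'maxPwdAge',
         'minPwdAge', 'lockoutThreshold', 'lockoutDuration'
$head = Get-ADObject -Identity $domainDn -Properties $attrs

[pscustomobject]@{
    Domain            = $domainDn
    MinLength         = $head.minPwdLength
    History           = $head.pwdHistoryLength
    ComplexityEnabled = [bool]($head.pwdProperties -band 1)  # DOMAIN_PASSWORD_COMPLEX
    MaxAge            = ConvertFrom-AdInterval $head.maxPwdAge
    MinAge            = ConvertFrom-AdInterval $head.minPwdAge
    LockoutThreshold  = $head.lockoutThreshold
    LockoutDuration   = ConvertFrom-AdInterval $head.lockoutDuration
}

# gPOptions = 1 on an OU means Block Inheritance is set on it.
$ou = Get-ADOrganizationalUnit -Identity $AdminOu -Properties gPOptions
$blocked = ($ou.gPOptions -eq 1)
"Block inheritance on ${AdminOu}: $blocked"
```

The first object shows the same values whether or not the second line reports Block Inheritance as set on the OU.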
