Impossible/irrelevant. If it's a domain account, the policy applies regardless, because the account is stored in AD. If it's a local account, then the policy doesn't apply regardless; domain account policies don't apply to local accounts. Is this a local account or a domain account?
Any password policy, regardless as to where it is linked in the domain, will apply to any and all computer accounts within scope.
The domain password policy applies to all computer objects in the domain (within scope, i.e. not filtered).
The only thing that is special about the domain password policy (a GPO with account policy configured and linked to the domainDNS object) is that the PDCe applies the values set therein to the necessary attributes re. pwd policy on the domain NC head -which is why you have to link your GPO with the settings you want to the domain and can't link it to the DC's OU- which is where the DCs read that info. from.
--Paul ________________________________ From: Laura A. Robinson [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 06, 2006 9:27 AM To: [email protected] Subject: RE: [ActiveDir] Strange password issue Impossible/irrelevant. If it's a domain account, the policy applies regardless, because the account is stored in AD. If it's a local account, then the policy doesn't apply regardless; domain account policies don't apply to local accounts. Is this a local account or a domain account? Laura ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, September 06, 2006 11:44 AM To: [email protected] Subject: Re: [ActiveDir] Strange password issue If you mean before the policy was set up, then, no. This policy has been in effect for a couple of years and the account was created a month ago.. Maybe the PC is not getting the Default Domain Policy? On 9/6/06, Williams, Robert <[EMAIL PROTECTED]> wrote: Tom, This is just a stab in the dark but is it possible that this user's password was set prior to the Default Domain Policy being in effect? Robert Williams ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, September 06, 2006 9:39 AM To: activedirectory Subject: [ActiveDir] Strange password issue I'm having this weird issue where I have a user account who is able to log in with a blank password. The Default Domain Policy is set to a min password length of 6 characters. The userAccountControl on the user is set to 512. The Domain is at win2k3 DFL and FFL. Is there any other way besides a migration tool like Quest that could circumvent this policy and allow blank passwords? Thanks 2006-09-06, 11:32:05 The information contained in this e-mail message and any attachments may be privileged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this e-mail and delete the message and any attachments from your computer. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
