>From a guide I have "Securing Windows 2000 Server Guide" "Account policies are implemented at the domain level. A Windows 2000 Server domain must have a single password policy, an account lockout policy, and Kerberos version 5 policy for the domain. Setting these policies at any other level in Active Directory will only affect local accounts on member servers. If there are groups that require separate password policies, they should be segmented into another domain or forest based on any additional requirements. "
(To continue supporting your findings...) -Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Hoffman Sent: Wednesday, June 25, 2003 3:46 PM To: NT 2000 Discussions Subject: RE: AD Complex Passwords Question Well, that jives with what I'm finding out here. That's certainly frustrating in a situation like mine. Oh well... -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 3:40 PM To: NT 2000 Discussions Subject: RE: AD Complex Passwords Question Actually, I don't believe blocking inheritance does NOT affect the domain wide password policy requirements. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Bud DAWSON [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 25, 2003 1:02 PM > To: NT 2000 Discussions > Subject: RE: AD Complex Passwords Question > > > Hi Matt > > Yes, you can "block inheritance" (there is a check box) for > any OU to stop > the effect of a Domain-level policy (such as password rules) > being applied > to any objects residing in that OU. However, if the somebody > turns on "No > Override" for some policy at the domain level, then you, as an OU > administrator, cannot block that particular policy from > applying to your OU. > (This is the business practice that says "the higher up the > tree you live, > the bigger stick you have") > > Cheers > > Bud > > Windows System Administrator, MCSE 2000 > > [EMAIL PROTECTED] > > > > -----Original Message----- > From: Matt Hoffman [mailto:[EMAIL PROTECTED] > Sent: June 25, 2003 8:42 AM > To: NT 2000 Discussions > Subject: AD Complex Passwords Question > > > We're just beginning to implement AD here, and I have a quick > question on > the complex passwords setting. I know that this is a > domain-level setting, > and that you can't specify that just a single OU gets the > complex passwords, > but is there a way to turn it OFF for a specific OU (I'm guesssing the > answer is NO, but I figured I'd ask the experts anyway)? I > would really > like to have the complex passwords be in place for my staff > but not for my > public PC's (this is a library). Any help would be greatly > appreciated. > > Thanks, > Matt > > ------ > You are subscribed as [EMAIL PROTECTED] > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&tex t_mode=&lang=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED]
