Re: Password Policy & GPO Settings

From: Paul Bergson (pbergson_at_mnpower.com)
Date: 07/21/04 

Date: Wed, 21 Jul 2004 11:04:01 -0500

Domain Account settings are all that apply for users. If you set policies
up for users at an OU level it will be ignored. Local is a different story
but it only effects user authenticating to there local machine and has no
effect on the domain.

If you want to implement multiple password policies you can pick up a third
party product. We use Password Policy Enforcer but there are many different
ones available. Just search on password policy with your web search engine. 

-- 
Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Veets" <dddetrretsssadasy@hotnospmamail.com> wrote in message
news:uGTIiqzbEHA.1644@tk2msftngp13.phx.gbl...
> Hello,
> We're running a Windows 2000 domain & I have a few questions about the
> domain password policy settings.
> I'm familiar with the GPO inheritance order -> Local -> Site -> Domain
> GPO -> OU
> I've read however, that you can only have 1 password policy setup for your
> domain which is defined at the default GPO (I read it in the following
> article ->
>
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/enforce_strong_passwords.mspx)
>
> As far as I understand it, what this means is that even if you define a
new
> password policy on an OU, it will not work since the OU will 'pick up' the
> default GPO password settings? Is this correct? Also, will the default GPO
> settings override the 'Account Lockout Policy' & 'Event Log'  options of
the
> new OU as well?
> If I'm right, does this mean that I'll need to create a new domain to get
> around this problem?
> I hope my questions are clear enough.
> Any input is greatly appreciated. TIA
> Best regards,
> Veets
>
>
>

Relevant Pages

  • Re: Using GPO to implement Password Policy
    ... I created a new Group Policy Object, Company Password Policy, ... this GPO to a test OU, ... note that the user account settings itself are set to "Password never ... All of my domain accounts are set with these settings for their ...
    (microsoft.public.windows.server.active_directory)
  • Re: GPO security settings not applied
    ... Domain Security Policy to set this. ... you can indeed set a password policy at the OU - level! ... >> Domain - Default Domain GPO ... User settings in the IT GPO (ex. ...
    (microsoft.public.win2000.group_policy)
  • Re: Password Policy & GPO Settings
    ... I was under the impression that you can link/ apply the GPO to either the ... applied to the authentication method; ... No, a password policy is for DOMAN, not for DomainControllers; ... specify your password policy in the domain security settings, ...
    (microsoft.public.win2000.active_directory)
  • Password Policy & GPO Settings
    ... We're running a Windows 2000 domain & I have a few questions about the ... domain password policy settings. ... GPO -> OU ... that you can only have 1 password policy setup for your ...
    (microsoft.public.win2000.active_directory)
  • Re: Group Policy Question
    ... You can not have a different password policy linked to each OU. ... >> domain user account objects that might be located in that OU. ... >> link the desired GPO to the correct OU. ... >> I might suggest that you check out the GPMC. ...
    (microsoft.public.windows.server.active_directory)
Loading