Re: Password Policy & GPO Settings

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Javier Inglés [MS MVP] (jjingles2000_at_NOSPAMhotmail.com)
Date: 07/21/04 

Date: Wed, 21 Jul 2004 23:31:10 +0200

Hi, another possibility is use the security tab and deny the access to one GPO, with this, some groups can have one domain password policy and other groups can have another policy :-) 

-- 
Salu2!!!
Javier Inglés, MS-MVP
http://mvp.support.microsoft.com/default.aspx
e-m@il:jingles@NOSPAMmvps.org
<<<QUITAR "NOSPAM" PARA MANDAR MAIL>>>
Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho
"Paul Bergson" <pbergson@mnpower.com> escribió en el mensaje news:eDGAYxzbEHA.2880@TK2MSFTNGP12.phx.gbl...
> Domain Account settings are all that apply for users.  If you set policies
> up for users at an OU level it will be ignored.  Local is a different story
> but it only effects user authenticating to there local machine and has no
> effect on the domain.
> 
> If you want to implement multiple password policies you can pick up a third
> party product.  We use Password Policy Enforcer but there are many different
> ones available.  Just search on password policy with your web search engine.
> 
> -- 
> 
> Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
> 
> This posting is provided "AS IS" with no warranties, and confers no rights.
> 
> 
> 
> "Veets" <dddetrretsssadasy@hotnospmamail.com> wrote in message
> news:uGTIiqzbEHA.1644@tk2msftngp13.phx.gbl...
> > Hello,
> > We're running a Windows 2000 domain & I have a few questions about the
> > domain password policy settings.
> > I'm familiar with the GPO inheritance order -> Local -> Site -> Domain
> > GPO -> OU
> > I've read however, that you can only have 1 password policy setup for your
> > domain which is defined at the default GPO (I read it in the following
> > article ->
> >
> http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/enforce_strong_passwords.mspx)
> >
> > As far as I understand it, what this means is that even if you define a
> new
> > password policy on an OU, it will not work since the OU will 'pick up' the
> > default GPO password settings? Is this correct? Also, will the default GPO
> > settings override the 'Account Lockout Policy' & 'Event Log'  options of
> the
> > new OU as well?
> > If I'm right, does this mean that I'll need to create a new domain to get
> > around this problem?
> > I hope my questions are clear enough.
> > Any input is greatly appreciated. TIA
> > Best regards,
> > Veets
> >
> >
> >
> 
>

Relevant Pages

  • Re: Using GPO to implement Password Policy
    ... I created a new Group Policy Object, Company Password Policy, ... this GPO to a test OU, ... note that the user account settings itself are set to "Password never ... All of my domain accounts are set with these settings for their ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Policy & GPO Settings
    ... I was under the impression that you can link/ apply the GPO to either the ... applied to the authentication method; ... No, a password policy is for DOMAN, not for DomainControllers; ... specify your password policy in the domain security settings, ...
    (microsoft.public.win2000.active_directory)
  • Password Policy & GPO Settings
    ... We're running a Windows 2000 domain & I have a few questions about the ... domain password policy settings. ... GPO -> OU ... that you can only have 1 password policy setup for your ...
    (microsoft.public.win2000.active_directory)
  • Re: Password Policy & GPO Settings
    ... Domain Account settings are all that apply for users. ... If you set policies ... Just search on password policy with your web search engine. ... > GPO -> OU ...
    (microsoft.public.win2000.active_directory)
  • Re: GPO security settings not applied
    ... Domain Security Policy to set this. ... you can indeed set a password policy at the OU - level! ... >> Domain - Default Domain GPO ... User settings in the IT GPO (ex. ...
    (microsoft.public.win2000.group_policy)