Re: default domain controller group policy newbie question...

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: ptwilliams (ptw2001_at_hotmail.com)
Date: 10/05/04

Next message: Joe Richards [MVP]: "Re: Server Operator Role"
Previous message: Tomasz Onyszko: "Re: How to Authenticate to local server."
In reply to: Chris: "Re: default domain controller group policy newbie question..."
Messages sorted by: [ date ] [ thread ]

Date: Tue, 5 Oct 2004 23:41:40 +0100

You'd have to create another domain, and move those users into that domain.

This is domain specific. You cannot filter this onto some users and not
others. It is processed and applied to the domain controllers - who
authenticate you; not by users per-se.

-- 
Paul Williams
http://www.msresource.net
http://forums.msresource.net
______________________________________
"Chris" <Chris@discussions.microsoft.com> wrote in message 
news:0061CF2A-00F1-4913-86E4-0E8EA0247289@microsoft.com...
thanks ptwilliams.  that answers that, but poses another question I have
then.  If i want certain users to have more complex password requirements
than other "normal" users on the domain, where within Group Policy would I
set this?
chris
"ptwilliams" wrote:
> When you set this policy, you set it at the domain level; that is, you
> configure this option on the GPO that is linked to the Domain.  The DCs 
> then
> grab and process this policy and it applies to all domain-based accounts 
> in
> the domain.  This is one of the few reasons for additional domains; 
> because
> this is applicable to the entire domain only.
>
> If you set this on an OU, it will only apply to local accounts on the
> computers that processed this policy.
>
> -- 
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
> ______________________________________
> "Chris" <Chris@discussions.microsoft.com> wrote in message
> news:C712CAB4-69DC-4273-9333-36A5669C957D@microsoft.com...
> when it comes to password complexity within the default domain controller
> policy, what accounts is this referring to?
>
>
>

Next message: Joe Richards [MVP]: "Re: Server Operator Role"
Previous message: Tomasz Onyszko: "Re: How to Authenticate to local server."
In reply to: Chris: "Re: default domain controller group policy newbie question..."
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: default domain controller group policy newbie question...
... thanks ptwilliams. ... If i want certain users to have more complex password requirements ... than other "normal" users on the domain, where within Group Policy would I ... > If you set this on an OU, it will only apply to local accounts on the ...
(microsoft.public.win2000.active_directory)
Re: Local Group Policy
... Chris S. brought next idea: ... My understanding is that for GPOs, the LSDOu precedence takes effect in an AD. I've been told that there's no need to configure the Local grp. ... The reason given to me is that the Domain or OU policy will takes effect when the client workstation or member server is connected to the AD. ... disconnecting it from the AD and after reboot - this mean that all the ...
(microsoft.public.windows.group_policy)
Re: local admin can join computer to domain
... Hi Chris, ... Domain Users Cannot Join Workstation or Server to a Domain ... >> a) you can always disable Add Workstation do domain policy in AD ... >> c) you should have written security policy that will let users know what ...
(microsoft.public.win2000.security)
RE: Running Unmanaged code LogonUser() on a UNC Path
... Hi Chris, ... >The assembly is actually located on a file server and not on the local ... >in the Runtime Security Policy section of .NET Framework configuration? ... >Framework Configuration" my assembly with the LogonUser API call in it ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Restricting Internet Access
... you create this policy. ... Chris ... > I created a GPO that only included one option set; ...
(microsoft.public.windows.group_policy)