Re: Local setting vs. Effective setting w/ GP??

From: Matjaz Ladava [MVP] (matjaz_at_ladava.com)
Date: 02/12/05


Date: Sat, 12 Feb 2005 04:44:00 +0100

Password policies do not override local policies. They behave differently.
If you want to control local password policies, then create a GPO for
passwords at OU level holding your computer accounts.

-- 
Regards
Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org
"WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message 
news:FB91636A-B444-4E65-96B8-5CDAAE8FB6FD@microsoft.com...
> I understand that, but shouldn't the domain policy override the local?
>
> "Matjaz Ladava [MVP]" wrote:
>
>> Local policy affects local accounts, while domain policy affects domain
>> accounts.
>>
>> -- 
>> Regards
>>
>> Matjaz Ladava, ladava.com
>> MCSA, MCSE, MCT
>> Microsoft MVP Windows Server - Directory Services
>> e-mail: matjaz@ladava.com, matjazl@mvps.org
>>
>> "WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message
>> news:14545F5B-10F1-425D-9815-4267B91322C8@microsoft.com...
>> > I have a Password GP set up at the domain level to test on a few users. I
>> > have it set up for passwords to expire every 8 days (for testing purposes).
>> > Well, we get a popup screen that states password will expire in 14 days. How
>> > is that, if the domain GP is set to 8 days? I have taken a look at the local
>> > computer policy on my workstation and it states 14 days for the local setting
>> > and 14 days for the effective setting (which should be the GP I applied to
>> > the domain). Now why hasn't the GP at the domain overridden the local policy?
>> > I see that other settings have taken effect. Any suggestions as to why this
>> > is happening? Thanks!
>>
>>
>> 
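
The local-versus-domain account policy distinction discussed in this thread can be checked by comparing the output of `net accounts` (the machine's local account policy on a workstation) with `net accounts /domain`. The PowerShell below is an added example, not part of the original posts: the function names are hypothetical, the parser assumes English-locale output, and the two samples are constructed and trimmed, using the 14-day and 8-day values from the question.

```powershell
# Constructed, trimmed sample shaped like `net accounts` on a workstation (local accounts).
$localSample = @'
Minimum password age (days):                          0
Maximum password age (days):                          14
Minimum password length:                              0
The command completed successfully.
'@ -split "`r?`n"

# Constructed, trimmed sample shaped like `net accounts /domain` (domain accounts).
$domainSample = @'
Minimum password age (days):                          0
Maximum password age (days):                          8
Minimum password length:                              0
The command completed successfully.
'@ -split "`r?`n"

function ConvertFrom-NetAccounts {
    # Hypothetical helper: turns "Name:   value" rows into an ordered dictionary.
    param([string[]]$Lines)
    $policy = [ordered]@{}
    foreach ($line in $Lines) {
        # The trailing status line has no "colon plus padding" and is skipped.
        if ($line -match '^(?<name>.+?):\s{2,}(?<value>.+?)\s*$') {
            $policy[$Matches['name']] = $Matches['value']
        }
    }
    $policy
}

function Compare-AccountPolicy {
    # Hypothetical helper: emits one row per setting whose value differs.
    param($Local, $Domain)
    foreach ($key in $Local.Keys) {
        if ($Domain.Contains($key) -and $Local[$key] -ne $Domain[$key]) {
            [pscustomobject]@{
                Setting        = $key
                LocalAccounts  = $Local[$key]
                DomainAccounts = $Domain[$key]
            }
        }
    }
}

$local  = ConvertFrom-NetAccounts $localSample
$domain = ConvertFrom-NetAccounts $domainSample
Compare-AccountPolicy $local $domain | Format-Table -AutoSize
```

On a live domain member, pass `(net accounts)` and `(net accounts /domain)` to `ConvertFrom-NetAccounts` in place of the two samples.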

