Re: Active Directory Domain Policy

From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
Date: Wed, 22 Nov 2006 15:44:49 -0500

Currently Windows only allows a single domain password policy.

If you set policy on OUs, the policy will apply to the member machines local to that OU and any IDs that exist on those member machines. Domain IDs will be unaffected.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

CAMC1 wrote:

Hi,

We have Active Directory Domain Policy which I want to enforce password
expiration and remembered passwords, and so on.
But I want certain users and or exchange mailboxes be excluded from this
policy.
Instead of forcing domain wide policy, if I create another OU, move all
users to be part of this policy to the new OU, and implement it OU level,
is there anything wrong doing it this way?

IS there a better way to appoach this issue?

Thanks
MC

Follow-Ups:
- Re: Active Directory Domain Policy
  - From: Harj

References:
- Active Directory Domain Policy
  - From: CAMC1

Prev by Date: Re: Cross-Domain question (Parent - Child)
Next by Date: Re: How to change a CN Name in AD
Previous by thread: Re: Active Directory Domain Policy
Next by thread: Re: Active Directory Domain Policy
Index(es):
- Date
- Thread

Relevant Pages

Windows Shortcut Keys and "ALT+TAB" not working because of GPO
... We've got an issue with a machine policy which prohibits us of using Windows ... Deny access to this computer from the network Support_388945a0, ... Policy Setting ...
(microsoft.public.de.german.windowsxp.gruppen.richtlinien)
Re: GP errors
... Then later shutdown second one and start the first one. ... machine (MTCCSAPROUTER) to the domain and those errors are not coming. ... The policy for which it is giving access denied error is the Default ... Windows cannot query for the list of Group Policy objects. ...
(microsoft.public.windows.server.active_directory)
Re: Important information about XP SP2 .ADM Files
... The Windows 2000 fix is available here: ... >> your attention to an important issue related to Group Policy. ... >> an important issue around the use of the .ADM files we ship with XP SP2. ...
(microsoft.public.windows.group_policy)
Re: Server 2K3 Remote Desktop Access - is this right place?
... All roads for that particular error of 'You do not have access to logon to ... On Windows Server 2003, launch GPEDIT.MSC from Start -> Run. ... Drill down and expand the following for Local Computer Policy: ... > Strange - when I activate the Remote Desktop Terminal from the server, ...
(microsoft.public.win2000.advanced_server)
Re: Important information about XP SP2 .ADM Files
... The Windows 2000 fix is available here: ... >> your attention to an important issue related to Group Policy. ... >> an important issue around the use of the .ADM files we ship with XP SP2. ...
(microsoft.public.win2000.group_policy)