Re: 3rd party AD password policy tool

so blocking inheritance wont effect the user accounts either way?, sorry for
the quesions still getting to know AD and all of its features and
functionality.

"Jorge de Almeida Pinto [MVP - DS]" wrote:

I do not want to sound rude but the answer still remains

no or none

read what I mailed earlier

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeffa" <Jeffa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DB4FFBB7-92A3-49C0-A0CF-548DDD08389F@xxxxxxxxxxxxxxxx
The password policy is in the computer account area of the security
policy,
If I block inheritance would I only block the user OU's I created? or do I
need also to block the devices they logon with? not sure if this will
corupt
or make any unwanted changes to the domain or computer accounts.
The reason for this is we want to enforce the same policy company wide but
only roll out to one department at a time.

Thanks,
Jeff

"Jorge de Almeida Pinto [MVP - DS]" wrote:

none

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeffa" <Jeffa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:359EA4BD-3C65-471B-B8FC-804B2520DF5B@xxxxxxxxxxxxxxxx
Can use the block policy inheritance on the user OU's i dont want to
get
the
policy?, if i do use the block option what effect would i have on the
user
accounts in those OU's

Thanks

"Jorge de Almeida Pinto [MVP - DS]" wrote:

linking GPOs with password policy configuration will not work on
OUs...
within AD you can only define ONE password policy and that MUST be
linked
to
the domain.


about a third party tool...

you may wanna have a look at "Password Policy Enforcer" from Anixis

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeffa" <Jeffa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:09825712-D8CA-4E76-801E-9C59888E6214@xxxxxxxxxxxxxxxx
Looking to have the AD password policy only effect certain OU's , if
i
understand this correclty I can only do this by blocking policy
inheritance
or 3rd party tools. just looking to see if anyone has suggestions on
utility.

Thanks









.

Relevant Pages

  • RE: Group Policy: multiple password policies in the same domain?
    ... > it under access to the GPO. ... The conflict only happens when both policies ... results in having the policy denied. ... > user accounts it affects be able to read it and have "apply ...
    (Focus-Microsoft)
  • Re: Password Policy Basics
    ... but assumed the POLICY would be applied to ALL ... so lcoal machines might start enforcing that policy on ... No, the local accounts are not effected by the domain policy, except you link the policy also to the OU like Florian states. ... I was thinking of service accounts on the servers... ...
    (microsoft.public.windows.group_policy)
  • Re: Windows 2000 users accounts get locked out
    ... I have disabled my accounts lockout policy in my ... >account logon events enabled in Domain Security Policy ... and Domain Controller ...
    (microsoft.public.win2000.security)
  • Re: RSoP Lockout Account
    ... Account Policy, or more specifically any items within Computer ... *domain accounts* can ... account policies per domain, but again, I haven't seen that in writing yet. ... >>> I'm trying to aply a GPO to an OU that contains computers, ...
    (microsoft.public.win2000.group_policy)
  • Re: AD 2000, Blank passwords, and Group Policy
    ... I set up an account with password policy enforced and experienced the same as you ... The only thing I can suggest is to leave the accounts as they ... accounts to change password at next logon. ... I could set the policy to not enforce this until after all ...
    (microsoft.public.win2000.security)