RE: Block Policy Inheritance not working as anticipated

From: bottomfeeder (bottomfeeder_at_discussions.microsoft.com)
Date: 07/20/04

• Next message: bottomfeeder: "Re: Block Policy Inheritance not working as anticipated"
• Previous message: Steve: "KB update to Office 2003"
• In reply to: bottomfeeder: "Block Policy Inheritance not working as anticipated"
• Next in thread: anonymous_at_discussions.microsoft.com: "RE: Block Policy Inheritance not working as anticipated"
• Reply: anonymous_at_discussions.microsoft.com: "RE: Block Policy Inheritance not working as anticipated"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 19 Jul 2004 18:13:03 -0700

After posting this question I browsed other posts relevant to my own and found my answer:

Password policies are per domain only. This ensures that a domain will have a consistent policy across all users, thus not putting it at risk by allowing possibly weaker passwords in a portion of the domain.

It would appear that there is no way around this. If there happens to be a solution, I would appreciate hearing about it.

Thanks!!!

"bottomfeeder" wrote:

> I have a Domain Controller running Windows 2000 Server. The Domain container (root) has a GPO (Default Domian Policy) with password policies defined (complexity, history, length and age). Below the Domain container I have 3 OUs (Accounts, Domain Controllers and Groups). Only the Domain Controllers OU has it's own GPO (Default Domain Controllers Policy). This policy does not have any password policies defined.
>
> Below the Accounts OU I have a child OU (EM Mailbox) that contains User accounts. I have one GPO set for this OU which does not have any password policies defined. I have selected the check box for "Block Policy Inheritance" under the Group Policy tab of the EM Mailbox properties.
>
> I expected this to block the password policy settings from GPO on the Domain Container (root), but it has not worked. On the Domain Controller I have issued the following command after selecting the Block Policy Inheritance check box:
>
> secedit /refreshpolicy machine_policy /enforce
>
> I also restarted the Domain Controller after issueing the secedit command above.
>
> I am still unable to create a new user account in the EM Mailbox OU without being subject to the password policies set in the GPO associated with the Domain Container (root). I need to be able to create the new user account using a password that does not meet all the password requirements set in the Domain Container's GPO.
>
> Does anyone have any suggestions?
>
> Thanks in advance!!

---

• Next message: bottomfeeder: "Re: Block Policy Inheritance not working as anticipated"
• Previous message: Steve: "KB update to Office 2003"
• In reply to: bottomfeeder: "Block Policy Inheritance not working as anticipated"
• Next in thread: anonymous_at_discussions.microsoft.com: "RE: Block Policy Inheritance not working as anticipated"
• Reply: anonymous_at_discussions.microsoft.com: "RE: Block Policy Inheritance not working as anticipated"
• Messages sorted by: [ date ] [ thread ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)