RE: Block Policy Inheritance not working as anticipated
anonymous_at_discussions.microsoft.com
Date: 07/20/04
- Next message: anonymous_at_discussions.microsoft.com: "Setting IE Temp Files cache via GPO"
- Previous message: Ken: "Re: How to deploy Office XP SP3 from group policy?"
- In reply to: bottomfeeder: "RE: Block Policy Inheritance not working as anticipated"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 20 Jul 2004 07:57:35 -0700
have oyu got no override selected? if so uncheck it
>-----Original Message-----
>After posting this question I browsed other posts relevant
to my own and found my answer:
>
>Password policies are per domain only. This ensures that a
domain will have a consistent policy across all users, thus
not putting it at risk by allowing possibly weaker
passwords in a portion of the domain.
>
>It would appear that there is no way around this. If
there happens to be a solution, I would appreciate hearing
about it.
>
>Thanks!!!
>
>
>
>"bottomfeeder" wrote:
>
>> I have a Domain Controller running Windows 2000 Server.
The Domain container (root) has a GPO (Default Domian
Policy) with password policies defined (complexity,
history, length and age). Below the Domain container I
have 3 OUs (Accounts, Domain Controllers and Groups). Only
the Domain Controllers OU has it's own GPO (Default Domain
Controllers Policy). This policy does not have any
password policies defined.
>>
>> Below the Accounts OU I have a child OU (EM Mailbox)
that contains User accounts. I have one GPO set for this
OU which does not have any password policies defined. I
have selected the check box for "Block Policy Inheritance"
under the Group Policy tab of the EM Mailbox properties.
>>
>> I expected this to block the password policy settings
from GPO on the Domain Container (root), but it has not
worked. On the Domain Controller I have issued the
following command after selecting the Block Policy
Inheritance check box:
>>
>> secedit /refreshpolicy machine_policy /enforce
>>
>> I also restarted the Domain Controller after issueing
the secedit command above.
>>
>> I am still unable to create a new user account in the EM
Mailbox OU without being subject to the password policies
set in the GPO associated with the Domain Container (root).
I need to be able to create the new user account using a
password that does not meet all the password requirements
set in the Domain Container's GPO.
>>
>> Does anyone have any suggestions?
>>
>> Thanks in advance!!
>.
>
- Next message: anonymous_at_discussions.microsoft.com: "Setting IE Temp Files cache via GPO"
- Previous message: Ken: "Re: How to deploy Office XP SP3 from group policy?"
- In reply to: bottomfeeder: "RE: Block Policy Inheritance not working as anticipated"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
