Re: where to apply?
From: Me (me_at_myco.com)
Date: 09/18/04
Date: Sat, 18 Sep 2004 10:58:49 -0700
On Sat, 18 Sep 2004 12:52:08 -0400, "Cary Shultz [A.D. MVP]"
<cwshultz@mvps.org> wrote:
>Hello Me!
>
>I guess that this would be Mini Me writing to you? But is that possible at
>6' / 210 lbs to be called 'Mini-Me'? Probably not!
>
>This is a basic question. But a good one and one that often comes up. So,
>if you have it then you know that a ton of others have it as well.
>
>Password Policy is a special animal. There can be only one password policy
>per domain and you apply it to the domain level ( through the Domain
>Security Policy ). Period!
>
>You can not have a password policy applied to the OU level and have it apply
>to any domain user accounts. That policy would, however, apply to any local
>user accounts to any computer account objects that might reside in the OU to
>which this password policy GPO was linked. What does that mean? Say that
>you have an OU in which there are 15 computer account objects: pc01, pc02,
>pc03, etc. You apply the password policy GPO to this OU. At the next reboot
>of the computers, user accounts logging on locally ( to the computer, not to
>the domain ) will be affected by this password policy.
>
>Does this make sense?
Does it make sense ... Let me see ... if for example I was stubborn and
still wanted to apply password policy to an OU I would have to have
all the user and computer accounts in that OU or sub OU... AND ..... (
note the .... is me thinking ) I would have to have all those users
log on locally to their machines!?!
Further, if I wanted to apply password policy to some users only,
(with all users logging in the domain which is of course the best) I
would have to link the GPO to the domain and then deny the users I
didn't want to have it to that GPO yes?
>Mini Me! aka Cary
Thanks Mini Me. BTW - I gladly call you Mini Me for helping me out! :)
>"Me" <me@myco.com> wrote in message
>news:l4mok09q7lkhfb4j883u528a4v0iboej4i@4ax.com...
>> I know this is a GPO 101 type question but any help would be welcome..
>>
>> Let's say you have a 2003 domain with a single user OU called
>> employees. You want to set a password policy so that employees have
>> complex passwords. Do you link it to the domain or Employees OU and
>> why?
>>
>> Sounds like a test question I know but I would set it at the
>> employees OU because I may want to create another OU later and not
>> apply the GPO there. Does this make sense or should I just link it to
>> the domain and deny permissions to it for the new OU I create?
>>
>> Thanks for any advice.
>
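
The scoping rule discussed in this thread can be checked on a live domain. The script below is an added example, not part of the original messages: it shows the single domain-level password policy and then lists GPOs linked to OUs that carry password settings, which reach only the local accounts on computers in those OUs. It assumes a management host with the RSAT ActiveDirectory and GroupPolicy PowerShell modules and read access to the domain.

```powershell
# Added example; assumes the RSAT ActiveDirectory and GroupPolicy modules
# are installed and the caller can read AD and GPO objects.
Import-Module ActiveDirectory, GroupPolicy

# The one password policy that governs domain user accounts.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object ComplexityEnabled, MinPasswordLength, MaxPasswordAge, PasswordHistoryCount

# GPOs linked at OU level that define password settings. These affect only
# local accounts on computers in the OU, never domain accounts.
$xpath = "//*[local-name()='Account'][*[local-name()='Type']='Password']"
foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $links = (Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks
    foreach ($link in $links) {
        # The XML report lists each account-policy setting with a Name and a Type.
        [xml]$report = Get-GPOReport -Guid $link.GpoId -ReportType Xml
        $pw = $report.SelectNodes($xpath)
        if ($pw.Count -gt 0) {
            $names = $pw | ForEach-Object {
                $_.SelectSingleNode("*[local-name()='Name']").InnerText
            }
            [pscustomobject]@{
                OU          = $ou.DistinguishedName
                GPO         = $link.DisplayName
                LinkEnabled = $link.Enabled
                Settings    = $names -join ', '
            }
        }
    }
}
```

Any row in the second listing is a GPO whose password settings do not apply to domain logons, which is the situation the original question would have produced by linking the policy to the Employees OU.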