Re: AD and GPO's

From: BOFH (john.hamilton70_at_ntlworld.com)
Date: 09/14/04 

Date: Tue, 14 Sep 2004 22:01:58 +0100

Which is why I set the domain policy to 'Not Configured'

BOFH

"Steve Bruce, mct" <steve@xmaslake.com> wrote in message
news:ecFPmupmEHA.3756@TK2MSFTNGP09.phx.gbl...
> Mike,
>
> I teach the MOC which agrees with you . . . BUT in a classroom right here
,
> right now, we ran several tests.
>
> The Results: You can set more restrictive account policies at the OU
> level, and they take effect.
> Less restrictive account policies set at the OU level are overwritten by
the
> domain policy.
>
> Specifically:
> DOMAIN Password Length = 8
> OU Password Length = 10
> RESULT 10 is enforced
>
> DOMAIN Password Length = 10
> OU Password Length = 8
> RESULT 10 is enforced
>
>
>
> "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> news:egnxJlomEHA.1692@TK2MSFTNGP10.phx.gbl...
> > "BOFH" <john.hamilton70@ntlworld.com> wrote in message
> > news:2qoog6F1194rjU1@uni-berlin.de...
> >> We have differing user requirements in our domain, so I changed the
> >> domain
> >> and default domain policies for password to 'Not configured' and
changed
> >> the
> >> relevant OUs that contained my users.
> >>
> >> Please note that simply changing those policies to 'Not Configured'
will
> >> NOT
> >> change the previous policy setting. You have to define them elsewhere
> >> for
> >> your needs to be implemented.
> >
> > That will not work. The security policy setting for passwords and some
of
> > the Kerberos settings are only changeable in the default domain policy.
> > If you change them elsewhere they will have no effect.
> >
> > --
> >
> > Regards,
> >
> > Mike
> > --
> > Mike Brannigan [Microsoft]
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights
> >
> > Please note I cannot respond to e-mailed questions, please use these
> > newsgroups
> >
> > "BOFH" <john.hamilton70@ntlworld.com> wrote in message
> > news:2qoog6F1194rjU1@uni-berlin.de...
> >> We have differing user requirements in our domain, so I changed the
> >> domain
> >> and default domain policies for password to 'Not configured' and
changed
> >> the
> >> relevant OUs that contained my users.
> >>
> >> Please note that simply changing those policies to 'Not Configured'
will
> >> NOT
> >> change the previous policy setting. You have to define them elsewhere
> >> for
> >> your needs to be implemented.
> >>
> >> BOFH
> >>
> >> "Steve Bruce, mct" <steve@xmaslake.com> wrote in message
> >> news:#rL#K#nmEHA.3896@TK2MSFTNGP15.phx.gbl...
> >>> The Group Policy Template is the same regardless of where you link it
so
> >> the
> >>> option "appears" to be possible at the OU level.
> >>>
> >>> Account Polciies can only be implemented at the domain level however >
> >>> it
> >>> make sense because users can access resources anywhere in the domain,
so
> >>> their password requirements should be consistent across the domain.
> >>>
> >>>
> >>>
> >>>
> >>> "hendricm2003" <hendricm2003@discussions.microsoft.com> wrote in
message
> >>> news:1CE18C4C-EF9D-4BDB-91C1-7AE8F0A05E69@microsoft.com...
> >>> > If you can only define a password policy in the default domain
> >>> > settings,
> >>> > why
> >>> > do they give you the option to do it in an OU? I want to have
> >>> > different
> >>> > password policy settings for each container. Is that possible?
> >>> >
> >>> > -Matt
> >>>
> >>>
> >>
> >>
> >
> >
>
>