Re: Domain Password Policy
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 11/22/04
- Next message: Ray Stanley: "Re: Dial-in properties error."
- Previous message: ptwilliams: "Re: Removing Trusts in Active Directory"
- In reply to: Ketan: "Re: Domain Password Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 22 Nov 2004 20:50:01 -0000
> My understanding was the GP settings could be overriden based on
> individual user account properties, but before I start making claims to
> the client, I'd like to know that it is right.
Here we go again...
No. Only at the local SAM level. This is set on the domain object itself,
and is therefore processed by DCs (which are the domain). You cannot
override this at a lower level unless you plan on logging onto the machines
at the lower level locally. Otherwise you'll be authenticating with a DC
which has this set on the partition that it's responsible for.
You can configure a user to have no password whatsoever in this environment,
but that's it. Although I believe there are third-party applications that
can sit in between the users and DCs and allow different policies.
-- http://www.msresource.net/content/view/21/48/
The password never expires option will override domain security policy, but
will be tedious to set for multiple users without the use of a script.
-- Paul Williams http://www.msresource.net http://forums.msresource.net "Ketan" <Ketan@discussions.microsoft.com> wrote in message news:A35A2E6A-11B2-49F4-9C2E-9FA13D961ECD@microsoft.com... I also have the same question. I have a client that claims that their password settings are controlled by their Active Directory Group Policy settings and that they cannot override the settings for certain individual accounts. My understanding was the GP settings could be overriden based on individual user account properties, but before I start making claims to the client, I'd like to know that it is right. In addition to the "password never expires" option, I'm also interested in overriding the "minimum length", and other password options. Thanks in advance. "Marsha" wrote: > So the 'password never expires' setting should block the domain password > policy? I think that's what you're saying. I thought it would, but I > wasn't > sure. I will have to do some testing. Thanks for your help!
- Next message: Ray Stanley: "Re: Dial-in properties error."
- Previous message: ptwilliams: "Re: Removing Trusts in Active Directory"
- In reply to: Ketan: "Re: Domain Password Policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
