Re: To those who designed Group Policy in Active Directory

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Wasi" <Wasi@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 12 May 2005 22:52:02 -0700

---

Hi,
I understand that, but think about this, you want to apply a password
policy to your domain(all users in all OUs) and a stricter password policy to
IT or Domain Admin group, which has to be applied to the domain level as the
IT staff is scattered all accross sites and it is not possible to restructure
and put all the computers that belong to IT staff to put into one specific
OU(IT can log into any Domain Computer anyway). What will u do?
I put all the IT accounts in an OU and also move the IT group to that OU and
applied the stricter Password Policy To That OU and that IT group, but it
didn't fix the problem. Because the USER ACCOUNT PASSWORD has something to do
with the computer. So I move 2 computer accounts to that OU and the policy
started applying to those computers when I checked using RSOP.

Mysterious Mysterious Mysterious.

Thanks for replying guys.
Wasi.

"Dmitri Gavrilov [MSFT]" wrote:

> I did not design GP, but I will take a shot.
>
> Password policy granularity is computer. All users living in this computer's
> local account store are being subjected to the same password policy. It
> cannot be customized per user. That's why pwd policy is a computer setting.
>
> User configuration GP settings are user-specific, and can be different from
> user to user.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Wasi" <Wasi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:C45188AC-127F-47BA-AC29-13D01D8C0E02@xxxxxxxxxxxxxxxx
> > Hi,
> > Will you please enlighten me as to why Password policy is in the
> > Computer
> > Configuration Section and not in the User Configuration Section, even
> > though
> > it applies to users. Same about User Account Policies, I am very curious
> > to
> > know the great logic behind it.
> >
> > Thanks,
> > Wasi
>
>
>
.

---

• Follow-Ups:
  • Re: To those who designed Group Policy in Active Directory
    • From: Mike Brannigan [MSFT]
  • Re: To those who designed Group Policy in Active Directory
    • From: Wasi

• References:
  • To those who designed Group Policy in Active Directory
    • From: Wasi
  • Re: To those who designed Group Policy in Active Directory
    • From: Dmitri Gavrilov [MSFT]

• Prev by Date: RE: Allowing Remote Admin Some Control
• Next by Date: Re: To those who designed Group Policy in Active Directory
• Previous by thread: Re: To those who designed Group Policy in Active Directory
• Next by thread: Re: To those who designed Group Policy in Active Directory
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2005-05