Re: To those who designed Group Policy in Active Directory

Addition to the my last post....

I know what I tried was ambiguous...as both the normal password
policy(applied at domain level) and the strict password policy (applied to
the OU) were applying to that computer account. So, if you got what I am
trying to implement, what do u reckon, it's possible or I can only do that
using password filters(not very happy to go that way).

Thanks.
Wasi



"Wasi" wrote:

> Hi,
> I understand that, but think about this, you want to apply a password
> policy to your domain(all users in all OUs) and a stricter password policy to
> IT or Domain Admin group, which has to be applied to the domain level as the
> IT staff is scattered all accross sites and it is not possible to restructure
> and put all the computers that belong to IT staff to put into one specific
> OU(IT can log into any Domain Computer anyway). What will u do?
> I put all the IT accounts in an OU and also move the IT group to that OU and
> applied the stricter Password Policy To That OU and that IT group, but it
> didn't fix the problem. Because the USER ACCOUNT PASSWORD has something to do
> with the computer. So I move 2 computer accounts to that OU and the policy
> started applying to those computers when I checked using RSOP.
>
> Mysterious Mysterious Mysterious.
>
> Thanks for replying guys.
> Wasi.
>
> "Dmitri Gavrilov [MSFT]" wrote:
>
> > I did not design GP, but I will take a shot.
> >
> > Password policy granularity is computer. All users living in this computer's
> > local account store are being subjected to the same password policy. It
> > cannot be customized per user. That's why pwd policy is a computer setting.
> >
> > User configuration GP settings are user-specific, and can be different from
> > user to user.
> >
> > --
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "Wasi" <Wasi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:C45188AC-127F-47BA-AC29-13D01D8C0E02@xxxxxxxxxxxxxxxx
> > > Hi,
> > > Will you please enlighten me as to why Password policy is in the
> > > Computer
> > > Configuration Section and not in the User Configuration Section, even
> > > though
> > > it applies to users. Same about User Account Policies, I am very curious
> > > to
> > > know the great logic behind it.
> > >
> > > Thanks,
> > > Wasi
> >
> >
> >
.

Loading