RE: Filter GPO by group

Technet recommends to not alter the default Domain policy, instead to create
a new GPO, link it to the domain and enforce it. You are saying this is not
the case. Is it true that account password policies can only be set in the
default Domain policy? From there, can you still stop those settings from
applying to administrators? Thanks for your help with this one.
--
Wildflower
MCSE 2004


"lforbes" wrote:

> Hi,
>
> You cannot set account policies more than once in a Domain. Account Policies
> like Password Age etc are set in the Default Domain Policy and no where else.
> This is why it isn't working.
>
> Cheers,
>
> Lara
>
> "Wildflower" wrote:
>
> > We want to set account policies, at the domain, for a certain group of users.
> > We have created a new GPO, set the settings, linked it to the domain and
> > enforced the GPO. in the Security filtering area, we have added the target
> > group. That is the only group in the filter. The users do not ever get the
> > account settings, but do get all other settings we have configured in the new
> > GPO.
> >
> > If I add the authorized users group to the filter, then everyone gets the
> > new policy, including administrators. We would like to exclude
> > administrators from this policy. I have set all the proper settings in the
> > Delegation tab/ Advanced button area for administrators, etc, to read but not
> > apply the GPO.
> >
> > What am I missing?
> > --
> > Wildflower
> > MCSE 2004
.

Loading