Re: Filter GPO by group
- From: "Chriss3 [MVP]" <nospam_chrisse@xxxxxxxx>
- Date: Fri, 12 Aug 2005 16:42:23 +0200
It's true that the accounts policies only can be defined within athe GPO at
the domain level that has the highest priority. This is by default, Default
Domain Policy. How ever other group policy options can be modify in multiple
policies.
This means that all user accounts within a domain have to use the same
account policy, if you need diffrent policies for diffrent users, write your
own password filter, get a 3rd part filter, or create another domain.
"Wildflower" <Wildflower@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
news:80C99704-17C4-4662-A798-7C8CA6EA5230@xxxxxxxxxxxxxxxx
> Technet recommends to not alter the default Domain policy, instead to
> create
> a new GPO, link it to the domain and enforce it. You are saying this is
> not
> the case. Is it true that account password policies can only be set in
> the
> default Domain policy? From there, can you still stop those settings from
> applying to administrators? Thanks for your help with this one.
> --
> Wildflower
> MCSE 2004
>
>
> "lforbes" wrote:
>
>> Hi,
>>
>> You cannot set account policies more than once in a Domain. Account
>> Policies
>> like Password Age etc are set in the Default Domain Policy and no where
>> else.
>> This is why it isn't working.
>>
>> Cheers,
>>
>> Lara
>>
>> "Wildflower" wrote:
>>
>> > We want to set account policies, at the domain, for a certain group of
>> > users.
>> > We have created a new GPO, set the settings, linked it to the domain
>> > and
>> > enforced the GPO. in the Security filtering area, we have added the
>> > target
>> > group. That is the only group in the filter. The users do not ever
>> > get the
>> > account settings, but do get all other settings we have configured in
>> > the new
>> > GPO.
>> >
>> > If I add the authorized users group to the filter, then everyone gets
>> > the
>> > new policy, including administrators. We would like to exclude
>> > administrators from this policy. I have set all the proper settings in
>> > the
>> > Delegation tab/ Advanced button area for administrators, etc, to read
>> > but not
>> > apply the GPO.
>> >
>> > What am I missing?
>> > --
>> > Wildflower
>> > MCSE 2004
.
- References:
- Filter GPO by group
- From: Wildflower
- RE: Filter GPO by group
- From: lforbes
- RE: Filter GPO by group
- From: Wildflower
- Filter GPO by group
- Prev by Date: Restrict password policy for admins
- Next by Date: Re: ACL - Printer Question
- Previous by thread: RE: Filter GPO by group
- Next by thread: RE: Filter GPO by group
- Index(es):
