Re: Using GPO to implement Password Policy
- From: "Paul Jensen" <paul.a.jensen@xxxxxxxxx>
- Date: Mon, 23 Oct 2006 14:41:55 GMT
Password policies are a little different than any other that you might
create. They can only be applied to the domain. NOT to an OU.
If you link it to an OU, it will actually affect the those local machines
when you use them to log on locally, but not the domain.
To use password policies you must use them at the domain level. If you have
a requirement for different password policies for different people, you must
put them in a spearate domain and apply a different policy to that domain.
Hope that helps.
"Saral6978" <Saral6978@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
I'm using Group Policy Managment to create and manage my domain's group
policies. We have decided to implement a password policy so I created a
Group Policy Object, Company Password Policy, configured the settings I
wanted as far as maximum password age, complexity, etc and enabled the
I then attempted to then link this GPO to a test OU, called "GPO Test
Computers". I ran gpupdate /force and logged into the test computer
under this GPO. I also ran gpupdate /force on this PC and also rebooted
for good measure, but it is not making the user change the password (it is
test account, located in the OU "GPO Test Users". Password policies are
applied to computers, not users, correct?
I will also note that I am trying to do this on a Windows 2003 member
(test server), in which I gave the gpotest user access to log on locally,
not have admin rights, so I'm not sure if it is because it is running
and not XP or sometihng. I should also note that the user account
itself are set to "Password never expires" and "User Cannot Change
Passoword". I was thinking that the GPO would automatically change this
setting when implemented. All of my domain accounts are set with these
settings for their passwords, and we have about 100 users, and I'm hoping
don't have to go into each account and uncheck these boxes.
Does anyone have any ideas? I did try linking the newly created GPO to
"GPO Test Users" OU as well, but that did not seem to do it either.
Which OU should this policy be linked to?
- Prev by Date: Re: Computers not affected by group policy
- Next by Date: Re: dns question...
- Previous by thread: Re: Computers not affected by group policy
- Next by thread: Re: Using GPO to implement Password Policy