Re: Using GPO to implement Password Policy

Password policies are a little different than any other that you might
create. They can only be applied to the domain. NOT to an OU.

If you link it to an OU, it will actually affect the those local machines
when you use them to log on locally, but not the domain.

To use password policies you must use them at the domain level. If you have
a requirement for different password policies for different people, you must
put them in a spearate domain and apply a different policy to that domain.

Hope that helps.






"Saral6978" <Saral6978@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D85F154-7AC7-4557-8FE0-6C361649CEA5@xxxxxxxxxxxxxxxx
I'm using Group Policy Managment to create and manage my domain's group
policies. We have decided to implement a password policy so I created a
new
Group Policy Object, Company Password Policy, configured the settings I
wanted as far as maximum password age, complexity, etc and enabled the
GPO.
I then attempted to then link this GPO to a test OU, called "GPO Test
Computers". I ran gpupdate /force and logged into the test computer
located
under this GPO. I also ran gpupdate /force on this PC and also rebooted
it
for good measure, but it is not making the user change the password (it is
a
test account, located in the OU "GPO Test Users". Password policies are
applied to computers, not users, correct?

I will also note that I am trying to do this on a Windows 2003 member
server
(test server), in which I gave the gpotest user access to log on locally,
but
not have admin rights, so I'm not sure if it is because it is running
server
and not XP or sometihng. I should also note that the user account
settings
itself are set to "Password never expires" and "User Cannot Change
Passoword". I was thinking that the GPO would automatically change this
setting when implemented. All of my domain accounts are set with these
settings for their passwords, and we have about 100 users, and I'm hoping
I
don't have to go into each account and uncheck these boxes.

Does anyone have any ideas? I did try linking the newly created GPO to
the
"GPO Test Users" OU as well, but that did not seem to do it either.

Which OU should this policy be linked to?

Thanks,
Sara


.

Relevant Pages

  • Re: Using GPO to implement Password Policy
    ... will need need another server to use as a domain controller in order to ... Password, Kerberos, and Lockout policy. ... To use password policies you must use them at the domain level. ... I then attempted to then link this GPO to a test OU, ...
    (microsoft.public.windows.server.active_directory)
  • RE: Group Policy: multiple password policies in the same domain?
    ... I'd suspected that you might be able to use a different GPO at the same level but having never tested it I didn't want to committ it to writing! ... Subject: Group Policy: multiple password policies in the same ... You can only affect domain> accounts at the domain level, but you do NOT have to use the> "Default Domain Policy" GPO. ...
    (Focus-Microsoft)
  • Re: Assign password policy to OU
    ... Password policies defined in the Default Domain Policy GPO apply to ALL ... I created an OU called 'Estimators' and created a GPO called Estimator ...
    (microsoft.public.windows.server.active_directory)
  • Re: Using GPO to implement Password Policy
    ... you will need at least a separate server. ... Password, Kerberos, and Lockout policy. ... To use password policies you must use them at the domain level. ... I then attempted to then link this GPO to a test OU, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Passowrd complexity LOCAL Account
    ... Place this computer account into an OU. ... Then, link a new GPO to the OU, ... configuring the GPO's Account Policy like you want the local SAM to behave. ... > local user accounts with passwords that do not follow the ...
    (microsoft.public.win2000.group_policy)