Re: Multiple password policies for ONE domain?

I saw elsewhere that is possible to have several GPOs at the domain level,
and the last password policy evaluated will "win".

You can only have one account policy at the domain level. Password policies
applied at the OU level only take affect when logging in locally to a
machine in that OU.

What do you mean by "last password policy" ?


hth
DDS

"Claude Lachapelle" <ClaudeLachapelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:B8794B8E-4303-48AE-A418-24F654D5D2D6@xxxxxxxxxxxxxxxx
I saw elsewhere that is possible to have several GPOs at the domain level,
and the last password policy evaluated will "win".

So, does security on those GPOs could be setted to have certain people
having specific settings (using groups), and others, others settings
defined
by default?

I will do some tests...

"Jorge Silva" wrote:

Hi
Unfortunately No. But I already heard something about some external tools
that do this, but I never test none of these tools.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Claude Lachapelle" <ClaudeLachapelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:178D5CF7-DBB8-48B0-8317-14EB96924A89@xxxxxxxxxxxxxxxx
Hi!

I would like to know, if this is possible to implement multiple
different
password policies for one domain?

I was thinking about using security on GPO objects (at domain level),
but
I'm not sure if the only password policy implemented is the one into
the
"Default Domain Policy", or it could be from any other GPO objects.

If multiple GPOs could be used, what will be the behavior of having 2-3
or
more different settings caming from different GPOs?

Thanks.

Claude Lachapelle
Systems Administrator, MCSE



.

Relevant Pages

  • Re: To those who designed Group Policy in Active Directory
    ... > policy(applied at domain level) and the strict password policy (applied to ... > the OU) were applying to that computer account. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Policy & Complexity
    ... There is only one password policy for domain users in a ... domain and that is at the domain level in Domain Security Policy by default. ... password policy at the top GPO in the list and set complexity to disabled there. ... > I have reset all password policies to either being ...
    (microsoft.public.win2000.security)
  • Re: Where to set the domain password policy up?
    ... Account Policies applied to Domain Controllers apply to all accounts stored on domain controllers - that is, to all domain accounts in that domain! ... I'd say apply at the domain level still - to have consistent policy for domain accounts in the domain as well as for local accounts on all computers in that domain. ... > Is it better to set a domain password policy up at the domain node level ...
    (microsoft.public.windows.server.active_directory)
  • Re: Changing Time Issue / Password Question
    ... You can't set password policy at the OU level, it can only be set at the domain level and will impact all accounts in the domain. ... Reset the main Domain GPO password policy not to be complex did a gpupdate /force and then I was able to have a lower case password in a seperate OU. ... I uncheck the box to automatically adjust clock for daylight savings time because on Saturday night I do not want to the clock to change. ... So I created a GPO and set it not to inherit and did a gpupdate /force but it still makes me create a complex password with upper and lower case for this one user account? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain - enforce password policy
    ... Maximum password age 45 ... Only on domain level with the highest precedence all users will get the Password Policy. ... The way you linked the policy with Password settings -- to an OU - the local machine accounts will get the password policy (if computer accounts are in the OU, since those are Computer Configuration settings). ...
    (microsoft.public.windows.group_policy)