Re: GPO doesn´t apply.

---

• From: Meinolf Weber <meiweb(nospam)@gmx.de>
• Date: Wed, 19 Sep 2007 13:55:08 +0000 (UTC)

---

Hello Carlos,

You can set the password policy only on domain level, not on OU's. With server 2008 this will be possible. It is not possible to block the password policy for some users.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Florian,

I linked the policy first to an OU which contains all my non built-in
accounts and then to an OU which contains all my workstation. However,
it has not worked.

If i have to link the policy to the domain how i can exclude built-in
accounts to change their password periodically?

Many Thanks

Regards

Carlos Sabelli

"Florian Frommherz [MVP]" wrote:

Carlos schrieb:

However, the policy doesn´t apply to users.

I suspect that there is a problem with Active Directory because when
i run DCDIAG the following error occurs:

[log output]

Are these facts related?

Not neccessarily. DCDIAG will throw a warning whenever there are
events in the eventlog. Check those events and see if they point to a
serious error.

Where did you link the policy to? Remember: it must be linked at
domain level and has to have the highest procedence (over all other
password policy GPs). In order to take effect over an account, the
user needs to change the password. Users won't be prompted to change
their passwords if they are valid.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

.

---

• Follow-Ups:
  • Re: GPO doesn´t apply.
    • From: Florian Frommherz [MVP]
  • Re: GPO doesn´t apply.
    • From: Carlos

• Prev by Date: Re: Active Directory Permission
• Next by Date: help on login script
• Previous by thread: Re: GPO doesn´t apply.
• Next by thread: Re: GPO doesn´t apply.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Security Logon/Logoff Events ... I haven't yet set password policy or configured account lockout policy so I ... will do that in due course to fully secure the server. ... (microsoft.public.windows.server.sbs) Re: Problem With Password Policy ... Policy on the nearest OU to the userobject takes precedence. ... password policy is an exception and can only be set on domain level. ... All users are picked by a domain level policy. ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... (microsoft.public.windows.server.active_directory) Re: Group Policy Not Applying to an OU ... Windows Server 2003 Mode and not mixed. ... The policy that applies is the domain level policy and ... > Computer Configuration part of the GPO it will not be applied. ... >> If I placed the GPO at the domain level, it applied, but it does not ... (microsoft.public.windows.group_policy) Re: Password Restrictions ... That's where I linked the policy. ... I created a policy at the domain level ... > Domain Policy" GPO. ... My server is a Win2K and the workstation is a WinXP. ... (microsoft.public.win2000.active_directory) Re: 2003 Domain Password Policy with NT 4.0 Workstations ... The only way to exclude users from adhering to the domain password policy is ... > running Windows NT 4.0, so would the following scenario work? ... Modify the Default Domain Policy and remove the Account ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-09