Re: Question on default domain password policy settings

Hello Dave,

You can not exclude some groups or accounts from the policy. Then you have to wait for server 2008, where you can set password policies for users or inetOrgPerson objects if they are used instead of user objects and global security groups.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Is it all or nothing? We want to enforce strict passwords but deny
certain gruops so they are unaffected.

Everything I read says this must be set at default domain policy on
the domain level and is NOT granular, ie its all or nothing.

Is this true? any workarounds?

Thanks

Dave MCSA Server 2003



.

Relevant Pages

  • RE: Companyweb and guests - advice?
    ... You can find the Default Domain policy under the following node: ... Open server management console, locate Advanced Management -> Group Policy ...
    (microsoft.public.windows.server.sbs)
  • RE: Group Policy Question
    ... My gut feeling is that there's a server problem. ... "Windows cannot query for the list of Group Policy objects. ... enabled (or select "enforced" for the Default Domain Policy). ...
    (microsoft.public.windows.server.general)
  • Re: Re: Security Event ID 534
    ... > server from the network! ... This error started occuring after we defined a domain security policy, ... took away the local member, IUSR account access. ... Apparently when you define a domain policy and there is no local ...
    (microsoft.public.win2000.security)
  • RE: Event ID 643
    ... win2k server. ... Event ID 643 has indicated that Domain Policy ... "Password Policy Change" does not distinguish between policy ...
    (microsoft.public.win2000.security)
  • Re: OSDINSTALLCD.EXE /cdboot
    ... Have you modified the Default Domain Policy for RIS Servers? ... In the Automatic Setup section, ... called Standard Server Group Policy. ...
    (microsoft.public.sms.tools)