Re: Which overrides? AD or Domain Security Policy?

---

• From: "Austin Osuide" <austin@xxxxxxxxxxx>
• Date: Wed, 24 Oct 2007 22:22:17 +0100

---

Hi Brad,

Password policies in a Domain apply to every user account in the domain in W2K and WS03 AD.
This policy determines:
1. Password History
2. Max Passw Age
3. Min Passw Age
4. Complexity requirements and
5. Password should be stored using reversible encryption

The "Password Never expires" & "Password cannot be changed" Account Control settings are represented by flags on the userAccountControl attribute of a user object. You can set these individually for user objects, if you wish, and have them different for each user object.
See: http://support.microsoft.com/kb/305144

The two entities i.e. password policies and userAccountControl flags are not related.

Regards,

Austin


"Brad G" <BradG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:87A55C78-6BD1-4A8B-809B-A9F611F867BD@xxxxxxxxxxxxxxxx

I would like to apply strict password policy enforcement via Domain Security
policy, but need to test it first. We have a mostly mobile workforce and I
need to test the behavior for mobile users. What I would like to do is apply
it to the Domain Security Policy so it globally affects all users - but limit
it to just a few for testing at first.

So, if I enable the password requirements in Domain Security policy, but
have User A,B, C in the Active Directory individually configured at the
user-level for 'Password never expires" and "password cannot be changed" will
that over ride the domain security policy?
Another scenario would be if I wanted to apply it to all users except for an
administrator, etc, - is this how that would be managed?

Thanks!

.

---

• Follow-Ups:
  • Re: Which overrides? AD or Domain Security Policy?
    • From: Brad G

• Prev by Date: Re: Domain Controller Site Configuration
• Next by Date: Re: Which overrides? AD or Domain Security Policy?
• Previous by thread: 2003 SP1 and SP2 mixed domain controllers
• Next by thread: Re: Which overrides? AD or Domain Security Policy?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Which overrides? AD or Domain Security Policy? ... Will the individual user account settings override the Domain Security ... and have them different for each user object. ... So, if I enable the password requirements in Domain Security policy, but ... (microsoft.public.windows.server.active_directory) iis 6.0 application pool identity ... I setup the domain user account in the DC. ... following privileges under Domain Security Policy: ... Allow Logon as a Batch Job ... A process serving application pool 'Symphony' terminated unexpectedly. ... (microsoft.public.inetserver.iis) Re: Disabling domain password requirements ... Once these password policies have been set to enabled, ... "bernardl" wrote in message ... > I check the default domain security policy and the passord policys are all ... (microsoft.public.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-10