Re: Which overrides? AD or Domain Security Policy?



Yes... "password never expires" and "cannot change password" override the password settings in the Default Domain Policy GPO.

However, the structure of the password must still meet the password policy settings at the moment you set the password.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
"Brad G" <BradG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:87A55C78-6BD1-4A8B-809B-A9F611F867BD@xxxxxxxxxxxxxxxx
I would like to apply strict password policy enforcement via Domain Security
policy, but need to test it first. We have a mostly mobile workforce and I
need to test the behavior for mobile users. What I would like to do is apply
it to the Domain Security Policy so it globally affects all users - but limit
it to just a few for testing at first.

So, if I enable the password requirements in Domain Security policy, but
have User A, B, C in the Active Directory individually configured at the
user-level for "Password never expires" and "password cannot be changed" will
that override the domain security policy?
Another scenario would be if I wanted to apply it to all users except for an
administrator, etc. - is this how that would be managed?

Thanks!
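
The override discussed in this thread can be checked with an audit like the one below. It is an added example, not part of either post. It assumes the ActiveDirectory PowerShell module is installed, that the caller has read access to the domain, and that no fine-grained password policies apply.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module and
# read access to the domain; fine-grained password policies are not considered.
Import-Module ActiveDirectory

# Domain-wide password settings (the Default Domain Policy values).
$policy = Get-ADDefaultDomainPasswordPolicy
$maxAge = $policy.MaxPasswordAge   # TimeSpan; zero means no domain-wide expiry

$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, CannotChangePassword, PasswordLastSet

$report = foreach ($u in $users) {
    # Per-user "password never expires" wins over the domain maximum age.
    $expiresOn = if ($u.PasswordNeverExpires -or $maxAge -eq [TimeSpan]::Zero) {
        $null
    } elseif ($null -eq $u.PasswordLastSet) {
        Get-Date          # never set / must change at next logon
    } else {
        $u.PasswordLastSet + $maxAge
    }
    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        PasswordNeverExpires = $u.PasswordNeverExpires
        CannotChangePassword = $u.CannotChangePassword
        PasswordLastSet      = $u.PasswordLastSet
        EffectiveExpiry      = $expiresOn
    }
}

# Complexity and length still apply whenever one of these passwords is set.
"Complexity enabled: {0}; minimum length: {1}; maximum age: {2}" -f `
    $policy.ComplexityEnabled, $policy.MinPasswordLength, $maxAge

# Accounts exempted from expiry or change, oldest password first.
$report |
    Where-Object { $_.PasswordNeverExpires -or $_.CannotChangePassword } |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize
```

An empty EffectiveExpiry next to an old PasswordLastSet marks an account whose password the domain maximum age will never force to rotate.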
