Sign in with
Sign up | Sign in
Your question

A policy to override the default domain policy?

Last response: in Windows 2000/NT
Share
March 31, 2005 4:10:38 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Our default domain policy locks an account out after 5 incorrect attempts. I
have a web server with local usernames that frequently get locked out (I
dont know why users cant just copy and paste the passwords I send them...)

is it possible to create another domain policy that only applies to a single
machine - and which overrides the default domain policy? (If so, how would I
acheive that?)

Thanks,
Grant
Anonymous
March 31, 2005 7:42:00 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Nope, you would need to remove the machine from the domain and use local
accounts. All domain accounts will use the domain password policy
uniformly.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"Grant" <gpsnett@hotmail.com> wrote in message
news:ePQMJJeNFHA.1948@TK2MSFTNGP14.phx.gbl...
> Our default domain policy locks an account out after 5 incorrect attempts.
> I have a web server with local usernames that frequently get locked out (I
> dont know why users cant just copy and paste the passwords I send them...)
>
> is it possible to create another domain policy that only applies to a
> single machine - and which overrides the default domain policy? (If so,
> how would I acheive that?)
>
> Thanks,
> Grant
>
Anonymous
April 1, 2005 1:15:07 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"Nick Finco [MSFT]" <nfinco@online.microsoft.com> said

> Nope, you would need to remove the machine from the domain and use local
> accounts. All domain accounts will use the domain password policy
> uniformly.
>

If he's talking about IIS, wouldn't it be possible to login using machine
\username instead of the domain username?

--

Andy.
Related resources
Anonymous
April 4, 2005 3:10:31 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Yes, if he has an overriding GPO set at the OU level for the server that
blocks the password policy he has set for his domain. This would only work
for local accounts though and might also override other domain level
settings he desires.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
news:Xns962B9B69F5B5AAA12F32EDB83F@207.46.248.16...
> "Nick Finco [MSFT]" <nfinco@online.microsoft.com> said
>
>> Nope, you would need to remove the machine from the domain and use local
>> accounts. All domain accounts will use the domain password policy
>> uniformly.
>>
>
> If he's talking about IIS, wouldn't it be possible to login using machine
> \username instead of the domain username?
>
> --
>
> Andy.
April 8, 2005 2:44:07 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Ah ok so I can create an OU and place that machine in there with its own
policy that overrides the global policy. Can I copy the global policy to the
new OU and simply change the settings I dont want? That way I keep all the
original settings and change the ones I dont need.


"Nick Finco [MSFT]" <nfinco@online.microsoft.com> wrote in message
news:%23yR4XGUOFHA.2748@TK2MSFTNGP09.phx.gbl...
> Yes, if he has an overriding GPO set at the OU level for the server that
> blocks the password policy he has set for his domain. This would only
> work for local accounts though and might also override other domain level
> settings he desires.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights. Any opinions or policies stated within are my own and do not
> necessarily constitute those of my employer. Use of included script
> samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
> news:Xns962B9B69F5B5AAA12F32EDB83F@207.46.248.16...
>> "Nick Finco [MSFT]" <nfinco@online.microsoft.com> said
>>
>>> Nope, you would need to remove the machine from the domain and use local
>>> accounts. All domain accounts will use the domain password policy
>>> uniformly.
>>>
>>
>> If he's talking about IIS, wouldn't it be possible to login using machine
>> \username instead of the domain username?
>>
>> --
>>
>> Andy.
>
>
Anonymous
April 8, 2005 7:39:17 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

If you're copying GPOs, you should look into using GPMC. I think it works
against Win2k domains from XP workstations or 2k3 servers.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"Grant" <gpsnett@hotmail.com> wrote in message
news:eR52G%23BPFHA.2700@TK2MSFTNGP10.phx.gbl...
> Ah ok so I can create an OU and place that machine in there with its own
> policy that overrides the global policy. Can I copy the global policy to
> the new OU and simply change the settings I dont want? That way I keep all
> the original settings and change the ones I dont need.
>
>
> "Nick Finco [MSFT]" <nfinco@online.microsoft.com> wrote in message
> news:%23yR4XGUOFHA.2748@TK2MSFTNGP09.phx.gbl...
>> Yes, if he has an overriding GPO set at the OU level for the server that
>> blocks the password policy he has set for his domain. This would only
>> work for local accounts though and might also override other domain level
>> settings he desires.
>>
>> N
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights. Any opinions or policies stated within are my own and do not
>> necessarily constitute those of my employer. Use of included script
>> samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>>
>> "Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
>> news:Xns962B9B69F5B5AAA12F32EDB83F@207.46.248.16...
>>> "Nick Finco [MSFT]" <nfinco@online.microsoft.com> said
>>>
>>>> Nope, you would need to remove the machine from the domain and use
>>>> local
>>>> accounts. All domain accounts will use the domain password policy
>>>> uniformly.
>>>>
>>>
>>> If he's talking about IIS, wouldn't it be possible to login using
>>> machine
>>> \username instead of the domain username?
>>>
>>> --
>>>
>>> Andy.
>>
>>
>
>
!