Password Policy

Archived from groups: microsoft.public.win2000.security (More info?)

Hi.

We are about to implement a new password policy. We have one domain but we
have several companies (OU's) in this domain. What we would like to do is to
implement the password policy company by company. As far as I can see it is
possible to set password policy per OU, however most references to password
policy on Microsoft.com mentions only default domain policy. I've seen some
stating that the default domain policy overrides OU policies and that the
password policy has to be set in the default domain policy, but the
following article on Microsoft.com,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/502.asp,
states OU policy override domain policy. I'm getting a bit confused. I'm
hoping someone can give me a straight answer to the following question: can
we implement a password policy per company? If the answer is yes, how do we
do it? If the answer is no, I would greatly appreciate an explanation why
not.

Thank you very much.

Regards,
Gaute
3 answers Last reply
More about password policy
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Steve.

    Thanks for taking time to answer my question. If I understand you correctly,
    if the user logs on locally on a computer that is a member of the domain, I
    can have different password policies? But as long as the users log on the
    domain, the domain level password policy rules?

    Regards,
    Gaute

    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> skrev i melding
    news:V45Xc.89989$TI1.5309@attbi_s52...
    > Domain level password policy can not be overridden for "domain users". You
    can apply
    > it at the OU level however it will apply to only "local users" that logon
    to that
    > domain computer. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;255550 -- read
    this and
    > reference to "local accounts".
    >
    > "Gaute Bekeng" <baldrick4@hotmail.com> wrote in message
    > news:eg9VZdqiEHA.2848@TK2MSFTNGP10.phx.gbl...
    > > Hi.
    > >
    > > We are about to implement a new password policy. We have one domain but
    we
    > > have several companies (OU's) in this domain. What we would like to do
    is to
    > > implement the password policy company by company. As far as I can see it
    is
    > > possible to set password policy per OU, however most references to
    password
    > > policy on Microsoft.com mentions only default domain policy. I've seen
    some
    > > stating that the default domain policy overrides OU policies and that
    the
    > > password policy has to be set in the default domain policy, but the
    > > following article on Microsoft.com,
    > >
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/502.asp,
    > > states OU policy override domain policy. I'm getting a bit confused. I'm
    > > hoping someone can give me a straight answer to the following question:
    can
    > > we implement a password policy per company? If the answer is yes, how do
    we
    > > do it? If the answer is no, I would greatly appreciate an explanation
    why
    > > not.
    > >
    > > Thank you very much.
    > >
    > > Regards,
    > > Gaute
    > >
    > >
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    In article <uHtlHK0iEHA.3608@TK2MSFTNGP09.phx.gbl>, in the
    microsoft.public.win2000.security news group, Gaute Bekeng <baldrick4
    @hotmail.com> says...

    > Thanks for taking time to answer my question. If I understand you correctly,
    > if the user logs on locally on a computer that is a member of the domain, I
    > can have different password policies? But as long as the users log on the
    > domain, the domain level password policy rules?
    >

    Correct.

    --
    Paul Adare
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks!
    Regards,
    Gaute

    "Paul Adare - MVP - Microsoft Virtual PC" <padare@newsguy.com> skrev i
    melding news:MPG.1b977da51e569eff989a2a@msnews.microsoft.com...
    > In article <uHtlHK0iEHA.3608@TK2MSFTNGP09.phx.gbl>, in the
    > microsoft.public.win2000.security news group, Gaute Bekeng <baldrick4
    > @hotmail.com> says...
    >
    > > Thanks for taking time to answer my question. If I understand you
    correctly,
    > > if the user logs on locally on a computer that is a member of the
    domain, I
    > > can have different password policies? But as long as the users log on
    the
    > > domain, the domain level password policy rules?
    > >
    >
    > Correct.
    >
    > --
    > Paul Adare
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
Ask a new question

Read More

Policy Default Domain Microsoft Windows