Password Policies

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I've organized my Active Directory into various OUs, and one of them is
called Remote Users.

If I create a GPO for this OU and check the Block Policy Inheritance
checkbox, would this mean that the computers in the Remote Users OU would be
excluded from the sitewide Password Policy rules as defined in the Default
Domain Policy?

I'm just trying to figure out someway around this restriction... as most of
you probably know salesmen are hard enough to deal with on a day-to-day basis
without giving them yet another task to do. (And yeah, it should be easy
enough but you should see some of the calls I get sometimes, heh.)

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Account policies are one to a domain. Account policies applied at the OU
level only take affect when the user logs onto a computer in that OU
locally.

On a domain with information sensitive enough to require "strong" passwords,
setting some users with "simple" password amounts to the domain admin
creating a security hole.

Differing password requirements is one major reason for creating another
domain.

hth
DDS W 2k MVP MCSE

"Rene Heroux" <ReneHeroux@discussions.microsoft.com> wrote in message
news:FE9290CF-5D8D-47B5-ABC1-5F56D31C7E72@microsoft.com...
> I've organized my Active Directory into various OUs, and one of them is
> called Remote Users.
>
> If I create a GPO for this OU and check the Block Policy Inheritance
> checkbox, would this mean that the computers in the Remote Users OU would
> be
> excluded from the sitewide Password Policy rules as defined in the Default
> Domain Policy?
>
> I'm just trying to figure out someway around this restriction... as most
> of
> you probably know salesmen are hard enough to deal with on a day-to-day
> basis
> without giving them yet another task to do. (And yeah, it should be easy
> enough but you should see some of the calls I get sometimes, heh.)

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You can not override the domain policy for domain users. If you apply a GPO with
another policy to an OU, it will set the policy for the local workstations and
the userids that exist on those workstations. Any user using a domain ID on
those workstations would still have the domain policy applied to them.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Rene Heroux wrote:
> I've organized my Active Directory into various OUs, and one of them is
> called Remote Users.
>
> If I create a GPO for this OU and check the Block Policy Inheritance
> checkbox, would this mean that the computers in the Remote Users OU would be
> excluded from the sitewide Password Policy rules as defined in the Default
> Domain Policy?
>
> I'm just trying to figure out someway around this restriction... as most of
> you probably know salesmen are hard enough to deal with on a day-to-day basis
> without giving them yet another task to do. (And yeah, it should be easy
> enough but you should see some of the calls I get sometimes, heh.)