Password Policies

Archived from groups: microsoft.public.win2000.security (More info?)

I've organized my Active Directory into various OUs, and one of them is
called Remote Users.

If I create a GPO for this OU and check the Block Policy Inheritance
checkbox, would this mean that the computers in the Remote Users OU would be
excluded from the sitewide Password Policy rules as defined in the Default
Domain Policy?

I'm just trying to figure out someway around this restriction... as most of
you probably know salesmen are hard enough to deal with on a day-to-day basis
without giving them yet another task to do. (And yeah, it should be easy
enough but you should see some of the calls I get sometimes, heh.)
2 answers Last reply
More about password policies
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Account policies are one to a domain. Account policies applied at the OU
    level only take affect when the user logs onto a computer in that OU
    locally.

    On a domain with information sensitive enough to require "strong" passwords,
    setting some users with "simple" password amounts to the domain admin
    creating a security hole.

    Differing password requirements is one major reason for creating another
    domain.

    hth
    DDS W 2k MVP MCSE

    "Rene Heroux" <ReneHeroux@discussions.microsoft.com> wrote in message
    news:FE9290CF-5D8D-47B5-ABC1-5F56D31C7E72@microsoft.com...
    > I've organized my Active Directory into various OUs, and one of them is
    > called Remote Users.
    >
    > If I create a GPO for this OU and check the Block Policy Inheritance
    > checkbox, would this mean that the computers in the Remote Users OU would
    > be
    > excluded from the sitewide Password Policy rules as defined in the Default
    > Domain Policy?
    >
    > I'm just trying to figure out someway around this restriction... as most
    > of
    > you probably know salesmen are hard enough to deal with on a day-to-day
    > basis
    > without giving them yet another task to do. (And yeah, it should be easy
    > enough but you should see some of the calls I get sometimes, heh.)
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    You can not override the domain policy for domain users. If you apply a GPO with
    another policy to an OU, it will set the policy for the local workstations and
    the userids that exist on those workstations. Any user using a domain ID on
    those workstations would still have the domain policy applied to them.

    joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Rene Heroux wrote:
    > I've organized my Active Directory into various OUs, and one of them is
    > called Remote Users.
    >
    > If I create a GPO for this OU and check the Block Policy Inheritance
    > checkbox, would this mean that the computers in the Remote Users OU would be
    > excluded from the sitewide Password Policy rules as defined in the Default
    > Domain Policy?
    >
    > I'm just trying to figure out someway around this restriction... as most of
    > you probably know salesmen are hard enough to deal with on a day-to-day basis
    > without giving them yet another task to do. (And yeah, it should be easy
    > enough but you should see some of the calls I get sometimes, heh.)
Ask a new question

Read More

Policy Active Directory Windows