I've tried to create an account policy for limit password change limits but
it works only if the policy is created at domain level (where also Default
Domain Policy is present).
If I create the same policy at OU level, no setting is applied.

We have a w2000 domain in mixed mode with one NT4 BDC running.

Thanks
Corrado

That is by design and one of the few settings that do not work like other GP
settings. For domain users, account policy can only be configured at the domain level
with no workarounds. If you configure at the OU level it will however be enforced on
local user accounts for computers in that OU. -- Steve



"Corrado" <(E-Mail Removed)> wrote in message
news:uH%(E-Mail Removed)...
> I've tried to create an account policy for limit password change limits but
> it works only if the policy is created at domain level (where also Default
> Domain Policy is present).
> If I create the same policy at OU level, no setting is applied.
>
> We have a w2000 domain in mixed mode with one NT4 BDC running.
>
> Thanks
> Corrado
>
>

Thank you Steven,
so I can stop to make me crazy understanding this strange thing.

bye
Corrado


"Steven L Umbach" <(E-Mail Removed)> ha scritto nel messaggio
news:CPjxc.67949$Ly.62324@attbi_s01...
> That is by design and one of the few settings that do not work like other
GP
> settings. For domain users, account policy can only be configured at the
domain level
> with no workarounds. If you configure at the OU level it will however be
enforced on
> local user accounts for computers in that OU. -- Steve
>
>
>
> "Corrado" <(E-Mail Removed)> wrote in message
> news:uH%(E-Mail Removed)...
> > I've tried to create an account policy for limit password change limits
but
> > it works only if the policy is created at domain level (where also
Default
> > Domain Policy is present).
> > If I create the same policy at OU level, no setting is applied.
> >
> > We have a w2000 domain in mixed mode with one NT4 BDC running.
> >
> > Thanks
> > Corrado
> >
> >
>
>

How can i enforce on local user accounts for computers in that OU?

"Steven L Umbach" <(E-Mail Removed)> wrote in message
news:CPjxc.67949$Ly.62324@attbi_s01...
> That is by design and one of the few settings that do not work like other
GP
> settings. For domain users, account policy can only be configured at the
domain level
> with no workarounds. If you configure at the OU level it will however be
enforced on
> local user accounts for computers in that OU. -- Steve
>
>
>
> "Corrado" <(E-Mail Removed)> wrote in message
> news:uH%(E-Mail Removed)...
> > I've tried to create an account policy for limit password change limits
but
> > it works only if the policy is created at domain level (where also
Default
> > Domain Policy is present).
> > If I create the same policy at OU level, no setting is applied.
> >
> > We have a w2000 domain in mixed mode with one NT4 BDC running.
> >
> > Thanks
> > Corrado
> >
> >
>
>

Create a GPO for that OU or modify an existing one to have the account policy you
want for local users that log onto the computers in that OU. Configure under computer
configuration/Windows settings/security settings/account policies. --- Steve


"G. Ettlin" <(E-Mail Removed)> wrote in message
news:%23LBT%(E-Mail Removed)...
> How can i enforce on local user accounts for computers in that OU?
>
> "Steven L Umbach" <(E-Mail Removed)> wrote in message
> news:CPjxc.67949$Ly.62324@attbi_s01...
> > That is by design and one of the few settings that do not work like other
> GP
> > settings. For domain users, account policy can only be configured at the
> domain level
> > with no workarounds. If you configure at the OU level it will however be
> enforced on
> > local user accounts for computers in that OU. -- Steve
> >
> >
> >
> > "Corrado" <(E-Mail Removed)> wrote in message
> > news:uH%(E-Mail Removed)...
> > > I've tried to create an account policy for limit password change limits
> but
> > > it works only if the policy is created at domain level (where also
> Default
> > > Domain Policy is present).
> > > If I create the same policy at OU level, no setting is applied.
> > >
> > > We have a w2000 domain in mixed mode with one NT4 BDC running.
> > >
> > > Thanks
> > > Corrado
> > >
> > >
> >
> >
>
>