Hi Gary
Generally speaking, don't try to block domain-wide account policy on special
accounts (service accounts etc.) but rather use the options in the properties
of the account itself, such as "Password never expires". You then manually
change these passwords from time to time (something sensible) to reduce
successful attack likelihood.
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email:
(E-Mail Removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Steven L Umbach" <(E-Mail Removed)> wrote in message
news:WpeIc.52497$JR4.11876@attbi_s54...
> Account policy for "domain" users can only be configured at the domain
> level. If configured at any other level, it will be ignored for domain
> users but apply to local user accounts on domain computers in the OU
> where it is configured. --
> Steve
>
> "Gary" <(E-Mail Removed)> wrote in message
> news:2aa2701c4672e$4a8715e0$(E-Mail Removed)...
>> Hello,
>>
>> I'm planning to implement account policy at our
>> organization. As far as I understand, for account policy GPO to
>> work it should be linked to the domain.
>> I have a couple of OUs containing system computer and user
>> accounts and I do not want to apply account policy to
>> these containers. The question is if I can block
>> inheritance of account policy for these specific
>> containers? Are there any special rules when applying
>> account policy?
>>
>> I will be very grateful for your help,
>> Thanks,
>> Gary
>>
>
>
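
Added example, not part of the original posts: accounts marked "Password never expires" depend on someone remembering to rotate them by hand, so this PowerShell filter flags enabled accounts with that flag whose password is older than a chosen limit. The function name, the 180-day limit and the sample records are assumptions made for illustration; the records are constructed to look like `Get-ADUser` output.

```powershell
function Get-StaleNonExpiringAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,
        # Assumption: 180 days is an illustrative rotation interval, not a value from the thread.
        [int]$MaxAgeDays = 180,
        [datetime]$Now = (Get-Date)
    )
    process {
        # Only enabled accounts that are exempt from password expiry are of interest.
        if (-not $Account.Enabled -or -not $Account.PasswordNeverExpires) { return }

        # PasswordLastSet is $null when no password-set time is recorded; report those too.
        $age = if ($Account.PasswordLastSet) {
            [int]($Now - $Account.PasswordLastSet).TotalDays
        } else { $null }

        if ($null -eq $age -or $age -gt $MaxAgeDays) {
            [pscustomobject]@{
                SamAccountName  = $Account.SamAccountName
                PasswordLastSet = $Account.PasswordLastSet
                AgeDays         = $age
            }
        }
    }
}

# Constructed sample records (hypothetical names and dates).
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true
                       PasswordNeverExpires = $true;  PasswordLastSet = [datetime]'2021-03-15' }
    [pscustomobject]@{ SamAccountName = 'svc-sql';    Enabled = $true
                       PasswordNeverExpires = $true;  PasswordLastSet = [datetime]'2024-04-20' }
    [pscustomobject]@{ SamAccountName = 'jdoe';       Enabled = $true
                       PasswordNeverExpires = $false; PasswordLastSet = [datetime]'2020-01-01' }
    [pscustomobject]@{ SamAccountName = 'svc-old';    Enabled = $false
                       PasswordNeverExpires = $true;  PasswordLastSet = [datetime]'2019-01-01' }
)
$sample | Get-StaleNonExpiringAccount -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'PasswordNeverExpires -eq $true' `
#     -Properties PasswordNeverExpires, PasswordLastSet | Get-StaleNonExpiringAccount
```

With the sample data only `svc-backup` is reported: `svc-sql` was rotated recently, `jdoe` is subject to normal expiry, and `svc-old` is disabled.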