It only take affect when logging in locally, which means you have to have a
local account on the computer, possibly as a way to centrally control local
logins for those who actually use local logins on their domain would be my
guess.
hth
DDS
"kiko" <(E-Mail Removed)> wrote in message
news:A8542BEB-5FD0-4E60-96B0-(E-Mail Removed)...
> Thanks for the answer...
>
> This begs the question: why does MS even allow the creation of Password
> Policies in other OUs if its not going to work? That option should be
> grayed-out or simply not available.
>
>
> "Danny Sanders" wrote:
>
>> Account policies applied at the OU level only take affect when logging in
>> locally on a computer in that OU.
>>
>> There may be third party app that can do this.
>>
>> I was told their original thinking was if there are resources on a domain
>> sensitive enough to require strong account policies, creating a group of
>> users with a simple password policy would amount to MS allowing an admin
>> to
>> create a security hole in their overall network design. They opted to
>> suggest you create another domain if you have the need for differing
>> account
>> policies.
>>
>> hth
>> DDS
>> "kiko" <(E-Mail Removed)> wrote in message
>> news:27622057-8C94-47AA-A93D-(E-Mail Removed)...
>> > Is it true that a 'password policy' can be applied only at the Domain
>> > level?
>> > And that creating an OU that would block the Domain 'Password Policy'
>> > for
>> > some machines will NOT work?
>> > Is this an all or nothing deal with 'Password Policies"? Meaning you
>> > can
>> > either apply them and all machines get them or you dont apply them and
>> > no
>> > one
>> > gets them.
>> >
>> > Thanks in advance
>>
>>
>>
|
Similar Threads
