Account policy works only at domain level

C

Corrado

I've tried to create an account policy for limit password change limits but
it works only if the policy is created at domain level (where also Default
Domain Policy is present).
If I create the same policy at OU level, no setting is applied.

We have a w2000 domain in mixed mode with one NT4 BDC running.

Thanks
Corrado
 
S

Steven L Umbach

That is by design and one of the few settings that do not work like other GP
settings. For domain users, account policy can only be configured at the domain level
with no workarounds. If you configure at the OU level it will however be enforced on
local user accounts for computers in that OU. -- Steve
 
C

Corrado

Thank you Steven,
so I can stop to make me crazy understanding this strange thing.

bye
Corrado
 
S

Steven L Umbach

Create a GPO for that OU or modify an existing one to have the account policy you
want for local users that log onto the computers in that OU. Configure under computer
configuration/Windows settings/security settings/account policies. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password Policy 3
Default Domain Policy 2003 7
password local policy in domain 2
Incorrect GPResult result 3
2003 Group Policy Default Domain Policy 2
Policy loopback causes domain-level policies to reapply 4
OU Policy not applied 2
Password Policy revisited 3

Top