Password Policy and GPO's

G

Guest

Can you enforce a password policy(length, complexity, lockout etc.) on an
Organizational Unit through a group policy? Or is it true that the only way
you can establish this type of policy is through the Domain Security Policy
on the root of the domain. Thanks in advance.

Jason
 
K

Ken B

Jason-

Yep, you were right... Password policies can be applied only to a domain.
If you need to use separate password policies, then you should use separate
domains.

Good luck!

Ken
 
C

Cary Shultz [A.D. MVP]

Jason,

Both are correct. It just depends on what you are trying to do!

The Password Policy can be set only at the Domain Level and is best
configured through the Domain Security Policy. This will affect your domain
user account objects. All of them.

Now, if you want to set up password policies at the OU level you can do this
as well. However, these policies will -NOT- apply to your domain user
account objects. They will, however, apply to anyone who might log
on -LOCALLY- to any computer account objects that are located in an OU to
which this policy is linked. So, if you have Mary who likes to log on
locally ( not sure why this would be allowed or desired, but then again what
do I know? ) then her local account would be affected by that policy.

Does this help you?

Cary
 
G

Guest

Thanks for the effort! Doesn't help though.

Cary Shultz said:
Jason,

Both are correct. It just depends on what you are trying to do!

The Password Policy can be set only at the Domain Level and is best
configured through the Domain Security Policy. This will affect your domain
user account objects. All of them.

Now, if you want to set up password policies at the OU level you can do this
as well. However, these policies will -NOT- apply to your domain user
account objects. They will, however, apply to anyone who might log
on -LOCALLY- to any computer account objects that are located in an OU to
which this policy is linked. So, if you have Mary who likes to log on
locally ( not sure why this would be allowed or desired, but then again what
do I know? ) then her local account would be affected by that policy.

Does this help you?

Cary
Click to expand...
 
C

Cary Shultz [A.D. MVP]

What does not help?

What part do you not understand? I will find another way to explain it ;-)

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group Policy Not Being Applied?? 11
cannot change account policies 3
Windows 2003 Password Policy 1
Password Policy 1
GPO Password Policy is applied but not working 4
Password policy not enforced 1
Using Group Policy to define a Password Policy 1
policy 2

Top