default domain controller group policy newbie question...

[Guest]

when it comes to password complexity within the default domain controller
policy, what accounts is this referring to?

 

[ptwilliams]

When you set this policy, you set it at the domain level; that is, you
configure this option on the GPO that is linked to the Domain. The DCs then
grab and process this policy and it applies to all domain-based accounts in
the domain. This is one of the few reasons for additional domains; because
this is applicable to the entire domain only.

If you set this on an OU, it will only apply to local accounts on the
computers that processed this policy.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
when it comes to password complexity within the default domain controller
policy, what accounts is this referring to?

 

[Guest]

thanks ptwilliams. that answers that, but poses another question I have
then. If i want certain users to have more complex password requirements
than other "normal" users on the domain, where within Group Policy would I
set this?

chris

 

[ptwilliams]

You'd have to create another domain, and move those users into that domain.

This is domain specific. You cannot filter this onto some users and not
others. It is processed and applied to the domain controllers - who
authenticate you; not by users per-se.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
thanks ptwilliams. that answers that, but poses another question I have
then. If i want certain users to have more complex password requirements
than other "normal" users on the domain, where within Group Policy would I
set this?

chris