NEW GPO Policy

S

striffy

Hi,
Was testing my Lab set-up for AD 2003.
I've created a simple Password Policy (turned off complex password).
Applied / Linked this to the Users OU. Unfortunately it still asks for
a complex password, so I then tried Blocking Inheritence to stop the
Default Domain Policy, but still no luck.
Can someone help me? or is it not possible, does it have to be done in
the Default Domain Policy?
Thanks
 
P

Paul Adare

Hi,
Was testing my Lab set-up for AD 2003.
I've created a simple Password Policy (turned off complex password).
Applied / Linked this to the Users OU.
Click to expand...

By default Users is a container object and not an OU which means you
can't link a GPO to it. I'm assuming that you've created an OU and moved
the user accounts there. Not that this really matters for what you're
trying to do here.
Unfortunately it still asks for
a complex password, so I then tried Blocking Inheritence to stop the
Default Domain Policy, but still no luck.
Can someone help me? or is it not possible, does it have to be done in
the Default Domain Policy?
Click to expand...

Password policy can only be set at the domain level for it to affect
domain user accounts.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
S

striffy

* What I did was create a new Container named TEST nad then created 3
more containers under that, USERS - Computers - Servers, I guess I
called them a OU as when creating them (right Click) Windows calls it
new-Organizational Unit, but I guess it's really a container.

*If the Password Policy can only be set at Domain Level, then would
that make it impossible to set different password policies for
different Containers?
EG, have a conatiner for Managers and one for Other Staff, have
Managers with complex password policy and Other Staff without complex
passwords policy?
Cheers
 
P

Paul Adare

* What I did was create a new Container named TEST nad then created 3
more containers under that, USERS - Computers - Servers, I guess I
called them a OU as when creating them (right Click) Windows calls it
new-Organizational Unit, but I guess it's really a container.
Click to expand...

No, in this case you did create an OU. At the top level, the Computers
and Users "folder" are not OUs but are in fact containers. Notice how
the icons that represent Users and Computers at the top level differ
from the one that represents Domain Controllers, which is an OU.
*If the Password Policy can only be set at Domain Level, then would
that make it impossible to set different password policies for
different Containers?
Click to expand...

Yes. One password policy for the entire domain.
EG, have a conatiner for Managers and one for Other Staff, have
Managers with complex password policy and Other Staff without complex
passwords policy?
Cheers
Click to expand...

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

domain security policy 6
Default Domain Policy 5
Basic GPO Question 4
Password Policy 1
GPO policy update 1
Password Policy 4
Password Policy 1
Domain Password Policy 3

Top