Password Policies

[Guest]

I've organized my Active Directory into various OUs, and one of them is
called Remote Users.

If I create a GPO for this OU and check the Block Policy Inheritance
checkbox, would this mean that the computers in the Remote Users OU would be
excluded from the sitewide Password Policy rules as defined in the Default
Domain Policy?

I'm just trying to figure out someway around this restriction... as most of
you probably know salesmen are hard enough to deal with on a day-to-day basis
without giving them yet another task to do. (And yeah, it should be easy
enough but you should see some of the calls I get sometimes, heh.)

 

[Danny Sanders]

Account policies are one to a domain. Account policies applied at the OU
level only take affect when the user logs onto a computer in that OU
locally.

On a domain with information sensitive enough to require "strong" passwords,
setting some users with "simple" password amounts to the domain admin
creating a security hole.

Differing password requirements is one major reason for creating another
domain.

hth
DDS W 2k MVP MCSE

 

[Joe Richards [MVP]]

You can not override the domain policy for domain users. If you apply a GPO with
another policy to an OU, it will set the policy for the local workstations and
the userids that exist on those workstations. Any user using a domain ID on
those workstations would still have the domain policy applied to them.

joe