password policy

[Buggie Bumper]

Why is it that you have to set up the password policy in
the computers area in the default security policy when it
affects the users?

Does it have something to do with accessing that computer
over the network with a domain user account? If I log on
locally ( with a local user account, not a domain user
account ) there is no policy in place.

Thank you,

Buggie Bumper

 

[Chriss3]

Hello Buggie,

The Password Policy Setting can only be set at once in a GPO on the domain
node. If you set this policy in a GPO linked to an OU or Site it will
applies to local accounts of the effected computers.

 

[Marin Marinov]

<snip>
Password policies are enforced by the OS, specifically by the Local
Security Authority (LSA) subsystem. Hence, the configuration is in the
Computer section since you specify parameters for this OS service. It
affects user accounts but you need uniform "rules" in a domain or local
machine that's why password policies are the same for all users. For
domain accounts, password policies *must* be configured in a GPO linked
to the domain object since this is one of its major security
characteristics and there is a default password policy once you promote
the first DC. For local accounts, these are configured in the Local
security policy and by default there aren't any password policies
configured.

HTH
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.