2003 Domain Password Policy on NT 4.0 Workstation

[Rob Lowe]

Hi -

I have a client in th eprocess of migrating from Windows NT 4.0 SP6 with the
AD-aware client to Windows XP SP1.

We would like to apply a more stringent password policy to the domain to
force periodic password changes, retaining password history and requiring
complex passwords, but only to those users that have been migrated to
Windows XP since the new password policy will be discussed during training.

Since I don't want to apply a restrictive password policy to my users still
running Windows NT 4.0, would the following scenario work?

1. Modify the Default Domain Policy and remove the Account
Policies/Password Policy settings.
2. Create a new GPO object and define the Account Policies/Password Policy
settings in the new GPO object.
3. Define a security filter so that the GPO with defined Account
Policies/Password Policy settings is only processed by security group
containing user accounts that have been migrated to Windows XP.

If this scenario would work, should this GPO be linked before or after the
Default Domain Policy is processed?

Cheers!
-Rob

 

[Chriss3]

Note if you define a password policy within a GPO you ONLY define the
password policy on the local machines the particular policy applies to.

Use Domain Security Policy snapin to define the Domain Password Policy

Start-> Settings -> Control Panel -> Administrative Tools -> Domain Security
Policy

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1