Block inheritance for Account Policy

[Gary]

Hello,

I'm planning to implement account policy at our
organization. As far as I understand account policy gpo to
work it should be linked to domain.
I have couple OUs containing system computer ans user
accounts and I do not want to apply account policy to
theses containers. The question is if I can block
inheritance of account policy for these specific
containers? Are there any special rules when applying
account policy?

I will be very grateful for your help,
Thanks,
Gary

 

[Steven L Umbach]

Account policy for "domain" users can only be configured at the domain level. If
configured at any other level, it will be ignored for domain users but apply to local
user accounts on domain computers in the OU where it is configured. -- Steve

 

[Mark Renoden [MSFT]]

Hi Gary

Generally speaking, don't try to block domain wide account policy on special
accounts (service accounts etc) but rather use the options in the properties
of account itself such as "Password never expires". You then manually
change these passwords from time to time (something sensible) to reduce
successful attack likelihood.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.