Password Policies

[Guest]

Is there a way to override the Password Policy in the
Default Domain Policy? I'm trying to assign a different
password policy to a certain group using a group policy
but the password settings are ignored. Instead the
password policy from the Default Domain Policy is applied.
Any work arounds?

 

[Tomasz Onyszko]

Is there a way to override the Password Policy in the
Default Domain Policy? I'm trying to assign a different
password policy to a certain group using a group policy
but the password settings are ignored. Instead the
password policy from the Default Domain Policy is applied.
Any work arounds?

No - there is any solution for this problem - password policy can be
only applied at the domain level. Maybe some day, in some next version
....

 

[Keith W. McCammon]

Have you set the specified OU to block inheritance of other policies and
explicitly set a policy for that OU to your liking?

 

[Guest]

I tried to block inheritance but it doesn't work either. I
guess there's only one password policy per domain. Thanks
for the replies.

 

[Joe Richards [MVP]]

Depending on what you are trying to do this may or may be possible.

If you are talking about policy on members of the domain, you can assign a new
GPO to an OU and place the machines in that OU and the policy should take for
any users ON that machine.

If this is for domain users, you only get one domain policy, however depending
on WHAT specifically you are trying to control, you may be able to implement it
with a custom password change notification filter.

joe

 

[Steve Riley [MSFT]]

No, this is by design. Password policies are per domain only. This ensures
that a domain will have a consistent policy across all users, thus not
putting it at risk by allowing possibly weaker passwords in a portion of the
domain.