Password Policy

[Guest]

Is it true that a 'password policy' can be applied only at the Domain level?
And that creating an OU that would block the Domain 'Password Policy' for
some machines will NOT work?
Is this an all or nothing deal with 'Password Policies"? Meaning you can
either apply them and all machines get them or you dont apply them and no one
gets them.

Thanks in advance

 

[Danny Sanders]

Account policies applied at the OU level only take affect when logging in
locally on a computer in that OU.

There may be third party app that can do this.

I was told their original thinking was if there are resources on a domain
sensitive enough to require strong account policies, creating a group of
users with a simple password policy would amount to MS allowing an admin to
create a security hole in their overall network design. They opted to
suggest you create another domain if you have the need for differing account
policies.

hth
DDS

 

[Guest]

Thanks for the answer...

This begs the question: why does MS even allow the creation of Password
Policies in other OUs if its not going to work? That option should be
grayed-out or simply not available.

 

[Danny Sanders]

It only take affect when logging in locally, which means you have to have a
local account on the computer, possibly as a way to centrally control local
logins for those who actually use local logins on their domain would be my
guess.

hth
DDS