Roger
Mon Apr 28 10:10:43 CDT 2008
Dobromir stated correctly that prior to Windows 2008 domains
there is only one account and password policy for domain accounts.
If one sets these at a different level (not at domain level) such as
your case on an OU, then the account and password policies will
have impact on machine local accounts defined on the computers
in that OU, which is why you were seeing what you report in the
GP results for machines in that OU.
Roger
"?????.?" <@discussions.microsoft.com> wrote in message
news:450C94D5-9E3F-4637-AA0F-815985FF4022@microsoft.com...
> Hi
> I didn't anderstand your answer, can U pleas explain broadly, the password
> policy
> is on the computer section, when u wrote " For domain accounts, the domain
> level password policy still applies", the computer object account are
> domain
> accounts, so what did u mean?
>
> Lior
>
> "Dobromir Todorov" wrote:
>
>> You can - but for accounts that reside in the local SAM databases of
>> computers in that OU. You will certainly notice that it only applies to
>> computers, and not to users. For domain accounts, the domain level
>> password
>> policy still applies.
>>
>> --
>> ---
>> HTH,
>> Dobromir
>>
>> Learn more about Security and Identity Management:
>> Visit
http://www.iamechanics.com
>>
>> "?????.?" <@discussions.microsoft.com> wrote in message
>> news:120460DB-2E9D-41B4-BD51-21A8FEDCFAED@microsoft.com...
>> > Hi
>> >
>> > As far as I know there can be only one password policy.
>> > I configured the main GPO in the root for specific password policy, I
>> > have
>> > an OU with blocked inheritance is checked, and I created a new gpo and
>> > linked
>> > it to this OU, this gpo have a diffrent set of password policy, I run
>> > the
>> > RSOP on the server under that OU, and I got the new set of password
>> > policy
>> > that is linked to this OU.
>> > So, Can I use a diffrent password policy in diffrent OU's ?
>> > or, I missing somthing?
>> >
>> > thanks
>> >
>> > Lior
>> >
>>
>>
>>