From a Domain perspective, password policy settings essentially apply the new settings when the passwords are "changed". For example, say you have a "Maximum password age" set to 90 days (3 months). You then enable the "Password must meet complexity requirements" setting. At that point all users "changing" passwords will have to use complex password as the passwords are cycled for each user over the next 3 months. It'll take three months to apply. Also, your user account (usually service accounts) which may never expire will never be switched to using a complex password. We have over 150,000+ users and made a similar switch recently. No issues. All End User accounts are now switched and did so a bit at a time daily as they expired. Jerry From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Dave Palombi Sent: Thursday, April 17, 2008 1:26 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Password Policy What would happen if I changed the policy? Would users be asked to change their passwords right away? Dave On Thu, Apr 17, 2008 at 3:18 PM, Dave Palombi <dave.palombi@xxxxxxxxx<mailto:dave.palombi@xxxxxxxxx>> wrote: Darren, Thanks for the info. We are trying to migrate certain sections with different password policy's until everyone has been done then one big policy at the end. How would I be able to achive this. Dave On Thu, Apr 17, 2008 at 3:14 PM, Darren Mar-Elia <darren@xxxxxxxxxx<mailto:darren@xxxxxxxxxx>> wrote: Dave- Are you trying to apply password policy to a domain user or a local user account on a workstation or member server? Password policy, as you've noticed, does not apply to users. IT applies only to computers where the accounts reside. In the case of domain user accounts (i.e. held in AD), you can only set one password policy for a given domain and that must be in a GPO linked at the domain level. For local user accounts-those housed on member servers and workstations, you have to make sure that the GPO is linked to those containers where those computers reside, not the users. Darren From: gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx> [mailto:gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx>] On Behalf Of Dave Palombi Sent: Thursday, April 17, 2008 12:08 PM To: gptalk@xxxxxxxxxxxxx<mailto:gptalk@xxxxxxxxxxxxx> Subject: [gptalk] Password Policy Hello, I have a question about implementing a password policy. I am trying to implement a password policy and it works but it is not being applied to the user. All settings are with in the computer settings. When I do a gpresult, the policy shows under not applied section and this it says filtering: not applied (empty) Your thoughts. Dave