[gptalk] Re: Password Policy Creation

  • From: <bart.schillebeeks@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 2 May 2007 15:40:28 +0200

Hoy Hugo, 
The password policy that is defined in the root, or at the domain controllers 
OU is domain wide, and will affect your AD accounts. 
If you set a password policy for a special machine OU for example , it will set 
the settings for that/those Local machines and local user accounts only !!
Only Local accounts of those machines are subject to this policy, NOT domain 
Settings in "machine settings" always apply to the machines (HKLM) and need te 
be applied to machine OU's . 
 Settings in "user settings" always apply to the users (HKCU) and need te be 
applied to User OU's . 
To make administration easyer i would suggest you don't mix the machine/user 
part of gpo's , and create one machine gpo, and one user gpo. 

Vriendelijke groeten,
Kind Regards, 
Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
AD Internet Consulting BVBA

Any views expressed in this message are those of the individual sender, except 
where the message states otherwise and the sender is authorised to state them 
to be the views of any such entity.This Message is in no way legally binding 
and has to be viewed as a personal opinion of the sender. This message reflects 
in no way the views of FORTIS BANK and its associates and AD internet 
Consulting BVBA and its associates. Unless otherwise stated, any pricing 
information given in this message is indicative only, is subject to change and 
does not constitute an offer to deal at any price quoted. Any reference to the 
terms of executed transactions should be treated as preliminary only and 
subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 
www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Martin Hugo
Sent: Wednesday, May 02, 2007 3:21 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Password Policy Creation


I have always been led to believe that Password Policy (password life, 
complexity, etc.) is a domain-wide setting.  Yet, I can create Gp Policies with 
password settings in them and apply them at the OU level below the root.  Would 
this not result in different password requirements by OU?

If so, do I apply the policy to a user OU or a Machine OU (since the setting is 
in the machine setings)?

Thanks very much.

Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102

= = = = = = = = = = = = = = = = = = = = = = = = =
Fortis disclaimer :

Privacy policy related to banking activities of Fortis:
= = = = = = = = = = = = = = = = = = = = = = = = =

Other related posts: