Hoy Hugo, The password policy that is defined in the root, or at the domain controllers OU is domain wide, and will affect your AD accounts. If you set a password policy for a special machine OU for example , it will set the settings for that/those Local machines and local user accounts only !! Only Local accounts of those machines are subject to this policy, NOT domain accounts. Settings in "machine settings" always apply to the machines (HKLM) and need te be applied to machine OU's . Settings in "user settings" always apply to the users (HKCU) and need te be applied to User OU's . To make administration easyer i would suggest you don't mix the machine/user part of gpo's , and create one machine gpo, and one user gpo. Vriendelijke groeten, Cordialement, Kind Regards, Schillebeeks Bart Active Directory Security Consultant Small and Departmental Systems - NT Systems Fortis Bank Bart.schillebeeks@xxxxxxxxxxxxxx AD Internet Consulting BVBA Disclaimer: Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity.This Message is in no way legally binding and has to be viewed as a personal opinion of the sender. This message reflects in no way the views of FORTIS BANK and its associates and AD internet Consulting BVBA and its associates. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Hugo Sent: Wednesday, May 02, 2007 3:21 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Password Policy Creation Hello, I have always been led to believe that Password Policy (password life, complexity, etc.) is a domain-wide setting. Yet, I can create Gp Policies with password settings in them and apply them at the OU level below the root. Would this not result in different password requirements by OU? If so, do I apply the policy to a user OU or a Machine OU (since the setting is in the machine setings)? Thanks very much. Martin T. Hugo Network Administrator Hilliard City Schools Tel: 614-921-7102 Martin_Hugo@xxxxxxxx
= = = = = = = = = = = = = = = = = = = = = = = = = Fortis disclaimer : http://www.fortis.be/legal/disclaimer.htm Privacy policy related to banking activities of Fortis: http://www.fortisbank.be/legal/privacy_policy.htm = = = = = = = = = = = = = = = = = = = = = = = = =