Hi Dhiraj, Michael is correct about it being applied to all Users on Windows 2003. This is because it is not a User policy, but a Machine policy that is applied to the domain controller. Since the Domain controller decides on the rules for passwords, not the user, the Domain controller applies it to all users. So whenever you are trying to work out what Domain Password rules are in place, you must check what settings the Domain controller receives, not what the User or workstation receives. Note: I believe that the password rules applied to the workstation via group policy effects how change password is handled for local accounts. Therefore you can set up different policies for different machine (local accounts) and this can be different to the policy for Domain Controllers (domain accounts) This may have changed on longhorn, but I presume the logic is similar, just that the Domain controller may have become smarter and can support multiple rules for different users. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml> &f=pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml> &f=adm_summary.shtml Policy Log Reporter(Free) http://www.sysprosoft.com/index.php?ref=activedir <http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml> &f=policyreporter.shtml _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Pietrzak Sent: Thursday, 9 November 2006 5:29 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Problem in Group Policies Hi Dhiraj, Password policies can only be applied to all users and not individual OU's. Generally they are created at the domain level. This is by default. If you want to selectively create and apply password policies, you need to use third party tools like this... http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp Perhaps someone can confirm\deny this but I think they have changed this behavior in Longhorn server. Michael Pietrzak San Diego State University _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Haritwal, Dhiraj Sent: Wednesday, November 08, 2006 10:23 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Problem in Group Policies Dear All, I want to deploy Group policies on our Windows 2003 Domain so that I can use Password Security feature. But If I will apply this on OU "Users" it will applied for all users. I don't want to apply this policy on some Users like administrator, someotheradmin ID's. Kindly tell me how I can exclude some particular Users from this group policy. Thanks for your support & have a nice day. Thanks & Regards, Dhiraj Haritwal System Administrator Sony India Pvt. Ltd. A-31, Mohan Co-operative Industrial Estate, Mathura Road, New Delhi - 110 044 Tel. No. : 011-66006276 Fax No. : 011-26959141, 26959143 Cell No. : 9873585408 _____ This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway. _____