[gptalk] Re: Problem in Group Policies

  • From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 9 Nov 2006 09:22:36 +1100

Hi Dhiraj,


Michael is correct about it being applied to all Users on Windows 2003. This
is because it is not a User policy, but a Machine policy that is applied to
the domain controller. Since the Domain controller decides on the rules for
passwords, not the user, the Domain controller applies it to all users. So
whenever you are trying to work out what Domain Password rules are in place,
you must check what settings the Domain controller receives, not what the
User or workstation receives.


Note: I believe that the password rules applied to the workstation via group
policy effects how change password is handled for local accounts. Therefore
you can set up different policies for different machine (local accounts) and
this can be different to the policy for Domain Controllers (domain accounts)


This may have changed on longhorn, but I presume the logic is similar, just
that the Domain controller may have become smarter and can support multiple
rules for different users.   



Alan Cuthbertson



 Policy Management Software:-



ADM Template Editor:-



Policy Log Reporter(Free)







From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Michael Pietrzak
Sent: Thursday, 9 November 2006 5:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem in Group Policies


Hi Dhiraj,


Password policies can only be applied to all users and not individual OU's.
Generally they are created at the domain level. This is by default. If you
want to selectively create and apply password policies, you need to use
third party tools like this...




Perhaps someone can confirm\deny this but I think they have changed this
behavior in Longhorn server.


Michael Pietrzak

San Diego State University



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Haritwal, Dhiraj
Sent: Wednesday, November 08, 2006 10:23 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Problem in Group Policies

Dear All,


I want to deploy Group policies on our Windows 2003 Domain so that I can use
Password Security feature. But If I will apply this on OU "Users" it will
applied for all users. I don't want to apply this policy on some Users like
administrator, someotheradmin ID's. Kindly tell me how I can exclude some
particular Users from this group policy.


Thanks for your support & have a nice day.



Thanks & Regards,

Dhiraj Haritwal

System Administrator

Sony India Pvt. Ltd.

A-31, Mohan Co-operative Industrial Estate,

Mathura Road, New Delhi - 110 044

Tel. No. : 011-66006276

Fax No. : 011-26959141, 26959143 

Cell No. : 9873585408



This email is confidential and intended only for the use of the individual
or entity named above and may contain information that is privileged. If you
are not the intended recipient, you are notified that any dissemination,
distribution or copying of this email is strictly prohibited. If you have
received this email in error, please notify us immediately by return email
or telephone and destroy the original message. - This mail is sent via Sony
Asia Pacific Mail Gateway. 


Other related posts: