Question About Domain Account Policies
cnfuzzd
Member Posts: 208
So, in my reading, it appears that your default domain policy will always govern account policies, such as when passwords expire and such. Is this accurate? If I want to make an OU for user accounts whose passwords I want to never expire, how would I go about this if the above is accurate?
Thanks!
John
Thanks!
John
__________________________________________
Work In Progress: BSCI, Sharepoint
Work In Progress: BSCI, Sharepoint
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Get Server 2008
Password policies on OUs only apply to local accounts on the computers in those OUs. Password policies are domain-wide in 2003. -
meadIT
Member Posts: 581 ■■■■□□□□□□
I'm sure someone will correct me if I'm wrong, but here goes:
Group Policies are applied in DSOU order.. Domain, Site, OU. Since the OU is the last to be applied, I think that the Password Policies set in the OU would overwrite any from the Domain or Site, providing that you don't have any special settings such as Block Overwrite, etc.CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate -
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
XtreemeChaos wrote:I'm sure someone will correct me if I'm wrong, but here goes:
Group Policies are applied in DSOU order.. Domain, Site, OU. Since the OU is the last to be applied, I think that the Password Policies set in the OU would overwrite any from the Domain or Site, providing that you don't have any special settings such as Block Overwrite, etc.
LSDOU(CH)
Local, Site, Domain, OU, ChildOU.All things are possible, only believe. -
astorrs
Member Posts: 3,139 ■■■■■■□□□□
Actually it's LSDOU, and dynamik is right. In 2003 password policies applied to anywhere but the domain root only apply to local accounts.XtreemeChaos wrote:I'm sure someone will correct me if I'm wrong, but here goes:
Group Policies are applied in DSOU order.. Domain, Site, OU. Since the OU is the last to be applied, I think that the Password Policies set in the OU would overwrite any from the Domain or Site, providing that you don't have any special settings such as Block Overwrite, etc. -
cnfuzzd
Member Posts: 208
so pretty much there is no way to remove the requirement on this group of users to change their passwords without breaking them out into a new domain?
John__________________________________________
Work In Progress: BSCI, Sharepoint -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
cnfuzzd wrote:so pretty much there is no way to remove the requirement on this group of users to change their passwords without breaking them out into a new domain?
John
Or by using local accounts. Which might be a viable option if it's only something like two accountants. Otherwise, yes, you'd need to make a new domain.
Like I said originally, you could always upgrade to 2008 as well. -
royal
Member Posts: 3,352 ■■■■□□□□□□
Upgrade to Server 2008 IMO. Creating a new domain when Server 2008 has this capability is just beyond ridiculous.“For success, attitude is equally as important as ability.” - Harry F. Banks -
cnfuzzd
Member Posts: 208
thanks guys. I am going with the third option, the "tell the users to deal with it". changing a password is not hard, and is a good idea. I was just curious as I just read this last night and its always exciting to learn something new!
Thanks Again
John__________________________________________
Work In Progress: BSCI, Sharepoint
