1. oBdA1,422,703
2. Mestha692,297
3. dstewartjr621,993
4. mkline71612,292
5. demazter554,995
6. ChiefIT497,606
7. Chris-Dent497,343
8. henjoh09476,359
9. tigermatt417,746
10. leew403,306
11. bluntTony397,255
12. dariusg378,502
13. KCTS345,515
14. MightySW276,102
15. chuku266,747
16. Americom209,316
17. Paranorm...192,453
18. alanhardisty183,263
19. speshalyst171,245
20. zelron22165,033
21. xxdcmast148,779
22. ryansoto144,206
23. hypercat129,721
24. PeteJTho...127,562
25. RobWill122,315

1. oBdA4,678,837
2. Netman663,434,934
3. KCTS3,260,911
4. Jay_Jay702,681,410
5. leew2,185,620
6. Sembee1,825,283
7. TechSoEasy1,750,405
8. Chris-Dent1,580,495
9. ChiefIT1,508,960
10. RobWill1,323,153
11. tigermatt1,294,935
12. NJComput...1,222,396
13. LauraEHu...1,115,989
14. henjoh09925,473
15. TheCleaner864,300
16. ryansoto842,900
17. toniur842,230
18. sirbounty782,710
19. Pber776,859
20. mkline71769,209
21. dariusg718,783
22. Mestha692,297
23. dstewartjr659,571
24. hypercat558,745
25. mkbean558,617

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

08/15/2005 at 07:43AM PDT, ID: 21527340

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.6

Group policy question about password policies

Asked by GATOR420 in Windows 2003 Server

Tags: password, group

Hi all,

We are having a debate about whether or not you can have more than one password policy on a single domain. The question really is, can you have more than one password policy on the domain, and can they be applied individually at the OU level? Or, is my only option to configure the root domain GPO with this information and have it propogated to all the lower OUs? Here is one link I found, but I don't think it is clear enough.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/9cc167c8-cf2d-420d-96a1-e00d5aac13f5.mspx

"Avoid editing the Default Domain GPO and the Default Domain Controllers GPO

The Default Domain GPO and Default Domain Controllers GPO are vital to the health of any domain. The Default Domain GPO provides the basic domain encryption key, and if that policy is removed or deleted, users cannot unencrypt their files. There are two exceptions:

Editing the Default Domain GPO to define account policies, including password policies, account lockout policies, and Kerberos policies.

Editing the Default Domain Controllers GPO to define user rights assignment and audit policy for the domain controllers OU.

Top of page

Set domain account policy in the Default Domain GPO

When you set account policies (including password policies, account lockout policies, and Kerberos policies) in Active Directory, there can only be one domain account policy throughout all servers, workstations, and domain controllers in the domain. The policy is the account policy that is applied at the root domain of a domain tree. Although account policies affect user accounts, the policies are defined on computers."

This article says don't edit the default domain GPO EXCEPT - to define account policies, including password policies, account lockout policies, and Kerberos policies.

Does that mean I can't leave the root domain GPO undefined and then define a password policy for each OU?

Unfortunately this is getting political and the only way I can accept an answer is with a link from a vendor source such as tech net. I've found the one link above, but need something more concise/thorough.

Thanks in advance!

View the Solution FREE for 30 Days

20090824-EE-VQP-74

Group policy question about password policies

Asked by GATOR420 in Windows 2003 Server

Tags: password, group

About this solution