Windows 2003 password group Policy

I see everywhere that the password policy can only be changed on the default domain group policy, but what if I want to have half my users with password complexity and the other half without? Is that possible? Do I have to create 2 GPOs at the domain level? Or can the account policies only be changed with the default domain GPO? I hope someone has the answer for this. Thank you.
comtekn Asked:

ckratsch Commented:
Account policies are only effective at the domain level, and each domain can only have one set of account policies.  Put your account policy in the Default Domain Policy.

If you absolutely need to have different account policies for different groups of users, you will need different domains.  Microsoft only recommends this if a subset of users requires stricter account policies for extreme security reasons (think Department of Defense or Jet Propulsion Laboratory) or legal reasons (think Sarbanes-Oxley Act or multi-national networks).

comtekn Author Commented:
OK, so that's that. Here is a quick question: what happens if the default domain policy gets deleted and I have 2 other policies at the domain level? Which one becomes the main one? Just had that in my mind for a long time and maybe someone can clear it up. Thanks.

ckratsch Commented:
Whichever policy is set at the domain level and has the highest precedence will set the account policy for the domain.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4ca0ea83-3e0b-480f-8dcc-1b9f923326c3.mspx

ckratsch Commented:
And, the highest group policy object in the list has priority.
Question has a verified solution.
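
The precedence rule from the answers above, as an added example that is not part of the original thread: a simplified Python model that resolves the account policy for domain accounts from the GPOs linked at the domain level and flags OU-linked GPOs whose account settings will not reach domain users. The GPO names, the OU, and the setting values are constructed, and Enforced links and Block Inheritance are not modelled.

```python
# Added example: a simplified model of GPO precedence, not Microsoft's code.
from dataclasses import dataclass, field

ACCOUNT_KEYS = ("MinimumPasswordLength", "PasswordComplexity", "MaximumPasswordAge")

@dataclass
class GpoLink:
    name: str
    target: str       # "domain" or an OU name
    link_order: int   # 1 = top of the list = highest precedence
    account_policy: dict = field(default_factory=dict)

def effective_domain_account_policy(links):
    """Return (settings, winning GPO per setting) for domain accounts."""
    domain_links = [l for l in links if l.target == "domain"]
    result, source = {}, {}
    # Apply lowest precedence first so higher-precedence links overwrite it.
    for link in sorted(domain_links, key=lambda l: l.link_order, reverse=True):
        for key, value in link.account_policy.items():
            if key in ACCOUNT_KEYS:
                result[key], source[key] = value, link.name
    return result, source

def ignored_ou_account_settings(links):
    """OU-linked GPOs carrying account settings that domain users never get."""
    return [(l.name, l.target) for l in links
            if l.target != "domain"
            and any(k in ACCOUNT_KEYS for k in l.account_policy)]

# Constructed sample environment.
LINKS = [
    GpoLink("Workstation Lockdown", "domain", 1, {"MinimumPasswordLength": 12}),
    GpoLink("Default Domain Policy", "domain", 2,
            {"MinimumPasswordLength": 7, "PasswordComplexity": True,
             "MaximumPasswordAge": 42}),
    GpoLink("Sales Relaxed Passwords", "OU=Sales", 1,
            {"PasswordComplexity": False}),
]

if __name__ == "__main__":
    policy, source = effective_domain_account_policy(LINKS)
    for key in policy:
        print(f"{key} = {policy[key]}  (from {source[key]})")
    for name, ou in ignored_ou_account_settings(LINKS):
        print(f"WARNING: {name} on {ou} sets account policy at OU level")
    # The asker's second scenario: the Default Domain Policy is removed.
    remaining = [l for l in LINKS if l.name != "Default Domain Policy"]
    print(effective_domain_account_policy(remaining)[0])
```

In the last scenario the model only reports what the remaining domain-level GPOs configure; settings that no remaining GPO defines are absent from its result.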