Windows 2003 password group Policy

Posted on 2005-04-06
Medium Priority
Last Modified: 2010-04-18
I see everywhere that the password policy can only be change on the default domain group policy, but what about if I want to have half my users with password complexity and the other half without. is that possible? do I have to create 2 GPO at the domain level? or the accoutn policies can only be change with the defualt domain GPO. I hope someone has the answer for this. thank you
Question by:comtekn
  • 3
LVL 14

Accepted Solution

ckratsch earned 2000 total points
ID: 13722554
Account policies are only effective at the domain level, and each domain can only have one set of account policies.  Put your account policy in the Default Domain Policy.

If you absolutely need to have different account policies for different groups of users, you will need different domains.  Microsoft only recommends this if a subset of users requires stricter account policies for extreme security reasons (think Department of Defense or Jet Propulsion Labarotory) or legal reasons (think Sarbanes-Oxley Act or multi-national networks).

Author Comment

ID: 13722983
Ok so thats that, here is a quick question. what happens if the default domain policy gets deleted.and i have 2 other policies at the domain level. which one becomes the main one. Just had that in my mind for a long time and may be someone can clear it up. thanx
LVL 14

Expert Comment

ID: 13723023
Whichever policy is set at the domain level and has the highest precedence will set the account policy for the domain.

LVL 14

Expert Comment

ID: 13723044
And, the highest group policy object in the list has priority.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Screencast - Getting to Know the Pipeline

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question