qwert5905
asked on
Enforcing password policy
I am trying to enforce a GPO password policy for all our domain users, and would prefer to implement this on individual user OU's. I changed the Default Domain Policy by going to Computer Configuration -> Workstation Settings -> Security Settings -> Account Policies -> Password Policy. My changes including password complexity worked, however, only at the computer level i.e. local accounts. How do I enforce a password policy at the domain level so it applies to specific domain users?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
... to expand on my first commenr - in windows 2000 and 2003 the same password and account policies must be applied at the domain and applies throughout the domain - you cannot have a different polict for different users, groups or OUs.
In Windows 2008 (due soon), the ability to have different policies on OUs has been added.
In Windows 2008 (due soon), the ability to have different policies on OUs has been added.
ASKER
Thanks for everyone's comments. So, why is the password policy updating the local computer policy and not affecting the network user accounts? I understand that the I've made changes to the Computer Configuration, which affects computers, however, why is this password policy modifed on the Default Domain Policy not enforced when I force password changes on network accounts?
Chris
Chris
In a domain the domain policy takes presidence over the local policy, the domain policy will apply to domain accounts.
To force the policy to update after immediately you need to run GPUPDATE /force from the run option
To force the policy to update after immediately you need to run GPUPDATE /force from the run option
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Best Luck