We help IT Professionals succeed at work.

Password Expiration Group Policy

I have set a password expiration group policy on our domain.  My question is, who receiveds the password expiration policy in a domain, the domain controller or individual computers?  Also, where is the best place to set the policy, on the "Default Domain Policy" or "Default Domain Controllers Policy"?
My reason for asking is because we use Active Directory for our user authentication on our customer website, and want set password expiration.  Before now there hasn't been any password policy set, and I just some information on how this works.
Watch Question

Awarded 2007
Top Expert 2008
In windows 2003 you can only have a single policy - it should be set at the Domain level - ie the default domain policy. It is the DC that actually enforces the policy.
To apply the password policy to DOMAIN user accounts, the policy must be set in the default domain policy.

A password policy applied anywhere else will only affect LOCAL user accounts.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.