Solved

Group Policy: User vs Computer Configuration

Posted on 2009-07-16
1
455 Views
Last Modified: 2012-05-07
We want to implement the following Group Policy:
Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy:
Account lockout duration:  0  (If a user gets locked out, he is not automatically unlocked. Only an Admin can unlock acct)
Account lockout threshold:  5 invalid logon attempts
Reset account lockout counter after 180 minutes

However, we don't want this to apply to any of our Admins.

This is currently the tree structure of our AD:
domain.local
     Staff OU
            Admins OU
            Sales OU
            Marketing OU
     Computers OU
            Sales Computers OU
            Marketing Computers OU
            Customer Services Computers OU

If this was a USER CONFIGURATION, I would just apply this GPO to the Staff OU, and then DISABLE this GPO for the Admins OU. But, since its a Computer Configuration, I'm not sure what's the best way to do this.
0
Comment
Question by:pzozulka
1 Comment
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 24871315
Not possible in a W2k3 AD, unless with a third-party tool like from http://www.specopssoft.com/.
In a regular W2k3 AD, you can only have *one* password policy *per* *domain*, the password policy *has* to be linked to the domain root, and it *has* to apply to the DCs.
Only W2k8 supports "fine grained" password policies.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question