I need to set account policies for domain users. The policy needs to include password complexity, length, age, history settings. I need to control WHO I apply these policies too. We have several domain user accounts that are used for services on each of the workstations. I cannot force password changes every 60 days on these special accounts without "breaking" certain programs. I do not want to apply this policy to the administrator account either. I only want to apply these policies to "regular staff" users and computers.
If I apply the new password policy to the domain GPO, I believe it will affect ALL the accounts including the administrator account and special service accounts. I believe I need to create a new OU called STAFF-OU. Do I place domain user accounts in that folder or domain computer accounts in that folder?
The domain has two SERVER 2003 DCs and 4 SERVER 2008R2 DCs.
What's the best way to accomplish this?
Thanks for your assistance!