Our Default Domain Policy has the following configured for Account Policies/Password Policy:
Enforce Password History = 0 passwords remembered
Maximum password age = 0 days
I would like to set password history to = 10 and maximum password age to = 183.
I don't want to configure this on the Default Domain Policy Object but rather I created a separate GPO and applied to the OUs that need to have this policy enforce. However, since the Default Domain Policy is higher in the hierarchy the GPO I created doesn't get applied.
How can I get around this? One thought I had was to set the Enforce password history and Maximum password age to not configured on the default domain policy and enable them on the GPO I created.
I was hesitant to make this change so I thought I'd ask here first before making the change.
Is the any danger in setting "Enforce password history" & "Maximum password age" to not configured on the Default Domain policy?