sorinn Posted January 10, 2007 Posted January 10, 2007 What is the difference between linking a GPO with security settings for user accounts customized ( minimum pwd age, enforce pwd history ) to the Domain level, to Domain Controllers, to a particular OU?
jpatto Posted January 10, 2007 Posted January 10, 2007 Domain controller would mean any policy would also be applied to the domain controller (i.e. if you had a disclaimer this would also show when accessing the domain controller account) whereas if it was applied to an OU it would only effect those accounts within the OU and not the domain controller.
sorinn Posted January 10, 2007 Author Posted January 10, 2007 I meant Password Policy, which at the OU level affects only local users for the machines in the OU.What happens when assigning a GPO with a new password policy to DC container? Does this affect only the users who log on on the DC?
allen2 Posted January 11, 2007 Posted January 11, 2007 Assigning password policy to the DCs should affect all AD users.
nmX.Memnoch Posted January 12, 2007 Posted January 12, 2007 Password policies are machine level. If you enforce a password policy on the domain controller(s), it will affect all domain accounts since they reside on the domain controller(s). So regardless of where the domain user physically logs in (workstation or DC) they will be forced to use the password policies set on the domain controller(s).Although I'm not sure why you would do this, you can enforce a different password policy on workstations than from the domain controllers. These policies would only apply to local workstation accounts though.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now