|
Posted by Vincent Hsieh on December 27, 2006, 12:56 pm
Please log in for more thread options Hello Joe,
Thank you for your quick help.
When you said "domain wide", I don't really understand it. For example,
can I have a domain account policy, then I would like to disable the
account policy on a computer under this domain. Is it possible to do
that?
Can you tell me the precedence sequence on the password policy about
domain server and a computer that is under this domain?
Thank you,
Vincent
> The password policy for domain accounts is currently domain wide. You
> cannot do what you are describing without third party tools or multiple
> domains.
>
> The question I have though is why would you want to... This would lead
> to a very inconsistent environment.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
> Vincent Hsieh wrote:
> > Hi there,
> > I would like to change password policy on NT 2 server that is windows
2003.
> > NT 2 was joined
> > to domain NT 1. I don't want to change the whole domain password policy.
I
> > only
> > want to change NT 2 password policy.
> >
> > Then I follow the following procedures from Windows 2003 server help:
> > =================================================================
> > For a domain, and you are on a member server or a workstation that is
joined
> > to the domain
> > 1.
> > Open Microsoft Management Console (MMC).
> >
> > 2.
> > On the File menu, click Add/Remove Snap-in, and then click Add.
> >
> > 3.
> > Click Group Policy Object Editor, and then click Add.
> >
> > 4.
> > In Select Group Policy Object, click Browse.
> >
> > 5.
> > In Browse for a Group Policy Object, select a Group Policy object
(GPO)
> > in the appropriate domain, site, or organizational unit--or create a new
> > one, click OK, and then click Finish.
> >
> > 6.
> > Click Close, and then click OK.
> >
> > 7.
> > In the console tree, click Password Policy.
> >
> > Where?
> >
> > . Group Policy Object [computer name] Policy/Computer
> > Configuration/Windows Settings/Security Settings/Account
Policies/Password
> > Policy
> >
> >
> > 8.
> > In the details pane, right-click the policy setting that you want,
and
> > then click Properties.
> >
> > 9.
> > If you are defining this policy setting for the first time, select
the
> > Define this policy setting check box.
> >
> > 10.
> > Select the options that you want, and then click OK.
> >
> > =================================================================
> >
> > When I right click "Mininum policy length", it is still grey out.
> > Could you tell me why it is grey out?
> > Now I have set up the domain password policy on NT 1 server, will
it
> > override NT 2 password policy
> > and do not allow to change NT 2 password polciy?
> >
> > Thank you,
> > Vincent
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
| 
XML Sitemap