Re: Adding a Local User whose Password Violated Group Password Policy...

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 04/10/04

• Next message: Roger Abell [MVP]: "Re: How to used qchain?"
• Previous message: Roger Abell [MVP]: "Re: Password"
• In reply to: David: "Adding a Local User whose Password Violated Group Password Policy..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 10 Apr 2004 09:46:19 -0700

Since there is no impact on passwords of machine local account that
derives from the domain account password policies, I must assume that
you are actually enforcing the account policies on OUs as well as in GPO
that is/are linked only to the domain object. When you set account policies
in GPOs that are linked to OUs that contain machine objects, these policies
govern the machine local accounts. The policies in GPOs linked only to the
domain object impact only domain accounts.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"David" <anonymous@discussions.microsoft.com> wrote in message 
news:13B6D8ED-F0AC-45DE-83ED-7125E871933D@microsoft.com...
> Is there anyway to create a local user whose password would not adhere to 
> the Domain Group Password Polcy set?
>
> We have been using local accounts for IIS security. We are in the process 
> of porting our sites to new 2003 servers and wanted the process to be 
> transparent to the users.  In the meanwhile, we have a Corporate level 
> Password Policy set for our Domain that did not exist in the past...  The 
> problem is we can not create local users with their legacy passwords, 
> because they do not adhere to the new Group Policy.
>
> Anyway around it?
> 

---

• Next message: Roger Abell [MVP]: "Re: How to used qchain?"
• Previous message: Roger Abell [MVP]: "Re: Password"
• In reply to: David: "Adding a Local User whose Password Violated Group Password Policy..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Applying password policies ... > Policies from the Domain Policy and apply them to all OUs? ... all computers that are not-domain controllers ... > their local accounts. ... However different account policies ... (microsoft.public.win2000.group_policy) Re: Password Policy for remote users ... Setting the "password never expires" flag will stop the password from ... to enforce multiple policies and assign them to users, groups, and OUs. ... accounts, and this or the highest priority GPO setting account policies ... (microsoft.public.security) Re: Custom Shell and Account Switching ... >>>I use local policies for limiting the user environment. ... >>>if I will launch the explorer without logging-off I will still have the policies effect. ... >>>the Techinician can enter the Settings Menu through a small "Settings" button which is secured by a password so that the user ... How policies of your user account can affect Explorer that is launched under Admin account? ... (microsoft.public.windowsxp.embedded) Re: GPO configuration ... > account/password policy undefined and apply different OU ... > the domain level override OU level? ... I thought the lower GPO policies ... All domain controllers will get their Account ... (microsoft.public.cert.exam.mcse) Re: Filter GPO by group ... It's true that the accounts policies only can be defined within athe GPO at ... account policy, if you need diffrent policies for diffrent users, write your ... > Technet recommends to not alter the default Domain policy, ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)