Re: domain security policy



Some answers inline.
"Patrick" <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F49EB9FC-BD85-4504-A0A0-E48994398E56@xxxxxxxxxxxxxxxx
Thanks for all your help.

I want to set up a security policy on a Windows 2000 domain environment to
enforce general users to change their password every 3 months and something
like enforce password history, a/c lock out.

I have the following questions:
- Is it applied to all domain users including "Domain Administrator"?

Yes, unless there is a specific account setting override.

- How can I exclude some users like "Domain Administrator" and some
service a/c from the above setting?

Yes, for the specific account, you can choose to prevent the requirement to change passwords. But, if you set up complexity, etc, then it must be followed.

- If I set these policies at a newly created OU level and move general user
computer objects to this OU (not server and DC objects), am I right that the
policy will only apply to these computers?

Nope. Account policy is domain wide in a Windows 2000 (and 2003) domain. It applies to *all* users in the domain.

- What is the best practice to apply these domain security settings?

Like you are doing.


Thanks for your help.

Patrick
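
An added example, not part of the original thread: because account policy is domain wide and exceptions are set per account, a periodic audit of which accounts carry such an override is useful. The sketch below assumes the users were exported to LDIF (for instance with `ldifde -f users.ldf -r "(objectCategory=person)" -l sAMAccountName,userAccountControl`) and decodes the `userAccountControl` bits; the function names and the sample data are constructed for illustration.

```python
# Audit per-account overrides of the domain-wide account policy from an
# LDIF export. Helper names and the sample below are illustrative only.

# userAccountControl bits that exempt an account from part of the policy
OVERRIDE_FLAGS = {
    "DONT_EXPIRE_PASSWORD": 0x10000,  # "Password never expires" is ticked
    "PASSWD_NOTREQD": 0x0020,         # account may have a blank password
}
ACCOUNTDISABLE = 0x0002

# Constructed sample export (not real accounts)
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=example,DC=com
sAMAccountName: Administrator
userAccountControl: 66048

dn: CN=svc-backup,OU=Service,DC=example,DC=com
sAMAccountName: svc-backup
userAccountControl: 66080

dn: CN=jsmith,OU=Staff,DC=example,DC=com
sAMAccountName: jsmith
userAccountControl: 512

dn: CN=olduser,OU=Staff,DC=example,DC=com
sAMAccountName: olduser
userAccountControl: 66050
"""

def parse_ldif(text):
    """Yield one dict per entry; folded and base64 (::) lines are skipped."""
    entry = {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith((" ", "#")) and ": " in line:
            key, value = line.split(": ", 1)
            entry[key] = value

def policy_overrides(text):
    """Return (account, [override flags], is_disabled) for exempt accounts."""
    findings = []
    for entry in parse_ldif(text):
        try:
            uac = int(entry["userAccountControl"])
        except (KeyError, ValueError):
            continue  # not a user entry, or value unreadable
        flags = [name for name, bit in OVERRIDE_FLAGS.items() if uac & bit]
        if flags:
            name = entry.get("sAMAccountName", entry.get("dn", "?"))
            findings.append((name, flags, bool(uac & ACCOUNTDISABLE)))
    return findings

if __name__ == "__main__":
    for name, flags, disabled in policy_overrides(SAMPLE_LDIF):
        print(name, ",".join(flags), "(disabled)" if disabled else "")
```

Enabled accounts that appear in the output are the ones to review against the list of intended exceptions, such as service accounts.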


