Re: domain security policy
- From: Patrick <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 23:15:00 -0700
Thanks Brian,
I found the following doc, is it safe to appy it to prevent "Administrator"
or some service a/c to appy those password policy.
http://support.microsoft.com/kb/315675
Thanks
Patrick
"Brian Komar (MVP)" wrote:
Some answers inline..
"Patrick" <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F49EB9FC-BD85-4504-A0A0-E48994398E56@xxxxxxxxxxxxxxxx
Thanks all your help.
I want to setup a security policy on Windows 2000 domain environment to
enforce general user to change their password every 3 months and something
like enforce password history, a/c lock out.
I have the following question:
- Is it applied to all domain users inclued "Domain Administrator"?
Yes, unless there is a specific account setting override
- How can exclude some of users like "Domain Administrator" and some
services a/c of above setting?
Yes, for the specific account, you can choose to prevent the requirement to
change passwords. But, if you set up complexity, etc, then it must be
followed.
- If I set these policy in a new created OU level and move geneal user
computer object to this OU (not server and DC object), am I right that the
policy will only apply to these computer.
Nope. Account policy is domain wide in a Windows 2000 (and 2003) domain. It
applies to *all* users in the domain.
- What is the best prastice to apply these domain security setting?
Like you are doing.
Thanks for your help.
Patrick
- Follow-Ups:
- Re: domain security policy
- From: Brian Komar \(MVP\)
- Re: domain security policy
- References:
- domain security policy
- From: Patrick
- Re: domain security policy
- From: Brian Komar \(MVP\)
- domain security policy
- Prev by Date: Re: domain security policy
- Next by Date: Re: domain security policy
- Previous by thread: Re: domain security policy
- Next by thread: Re: domain security policy
- Index(es):
Relevant Pages
|
|
