Windows 2003 domain password policy

Can we have 2 sets of domain password policy? Or we can use Block Policy
Inheritance and Disable No Override option to achieve this.

Any suggestion for best Domain Password Policy pratice? Modify the default
Domain Policy GPO or create a new Password GPO and linked to the root
container?

If we implement a secure password policy now, what may happen to the
existing users? Are they offered a chance to change their password when they
first log in? How about those laptop mobile VPN users?


.

Relevant Pages

  • Re: Windows 2003 domain password policy
    ... Windows only supports one domain password policy per domain. ... includes an API for custom password filters in Windows. ...
    (microsoft.public.windows.server.security)
  • Re: Re: Changing the domain password policy
    ... You deal with the Service Account passwords by making them comply with your password policy. ... you can create as many different password policies as you like - the Domain Password Policy will be the one actually applied to all users. ... I suppose that if you wanted to be extra safe, you could make a policy just for the service accounts, and have a different set of password requirements for these accounts, and have the default domain policy have the stronger password complexity settings. ...
    (Security-Basics)
  • RE: Changing the domain password policy
    ... You can't "change" the password policy in Active Directory Users and ... password resets in Active Directory Users and Computers ARE affected by ... Changing the domain password policy ... How do other people deal with service accounts and their adherence to ...
    (Security-Basics)
  • Re: GPO and password policies
    ... Configure the exception accounts first and then implement ... I can't imagine Decatur Illinois ever being boring! ... >> Maximum password age is part of the domain password policy the will apply ...
    (microsoft.public.security)