Windows 2003 domain password policy

Can we have 2 sets of domain password policy? Or can we use Block Policy
Inheritance and the Disable No Override option to achieve this?

Any suggestion for best Domain Password Policy practice? Modify the default
Domain Policy GPO or create a new Password GPO and linked to the root

If we implement a secure password policy now, what may happen to the
existing users? Are they offered a chance to change their password when they
first log in? How about those laptop mobile VPN users?