Windows 2003 domain password policy



Can we have 2 sets of domain password policy? Or we can use Block Policy
Inheritance and Disable No Override option to achieve this.

Any suggestion for best Domain Password Policy pratice? Modify the default
Domain Policy GPO or create a new Password GPO and linked to the root
container?

If we implement a secure password policy now, what may happen to the
existing users? Are they offered a chance to change their password when they
first log in? How about those laptop mobile VPN users?


.