RE: Group Policy: multiple password policies in the same domain?

 Inline replies to a couple of different people.

> > You can only set password policies affecting domain 
> accounts using the 
> > "default domain policy" GPO - ie. the GPO at the top of the AD tree 
> > for a particular domain.

Actually, that's not the case. You can only affect domain accounts at the
domain level, but you do NOT have to use the "Default Domain Policy" GPO.
You can create your own and it works. If you have multiple domain-level
policies that specify password settings, the last applied policy at the
domain level will "win". My other post answering the original question got
bounced, but I clarified some of this in it.

> Does anyone know why the password policy is a computer and 
> not a user-based setting?

Why would it be a computer setting? That would make no sense for all of the
users in the domain who are people rather than computers. Again, you can
only have a single password policy that affects accounts stored in AD for a
given domain. Because both users and computers are stored in AD, the
password policy applies to *any* account stored in AD. 

Laura


---------------------------------------------------------------------------
---------------------------------------------------------------------------