On Tue, 01 Apr 2008 04:22:32 -0400, Hank Arnold (MVP) wrote:
<span style="color:blue">
> Correct me if I'm wrong, but I believe that there is only one password
> GPO for a domain. You can't have different ones for each OU...</span>
Jesper is talking about GPOs that contain password policies that are linked
some where other than at the domain level. Such GPOs will not affect domain
accounts but will affect accounts in the local SAM of any computer which
processes such GPOs.
<span style="color:blue">
>
> Jesper wrote:<span style="color:green">
>> This happens when you have a GPO applied to an OU that contains this
>> computer, and the GPO sets password policy. In other words, locally, no you
>> can't do anything as this is enforced using GPOs.
>>
>> If you are the domain admin, however, you can restructure your GPOs. One
>> option would be to create a new OU for computers that should not have this
>> policy. Then either make sure this GPO does not apply to that OU, or set a
>> new GPO that overrides this one.
>> ---
>> Your question may already be answered in Windows Vista Security:
>>
http://www.amazon.com/gp/product/047010155...rotectyourwi-20
>>
>>
>> "Noob" wrote:
>> <span style="color:darkred">
>>> Ok, Simple question.
>>>
>>> I have a Local User Account created on a Vista Business computer. This
>>> Vista system is on our Domain. I need to have this local account NOT
>>> use the Domain password policies.
>>>
>>> I am NOT able to go in and edit or change these with the Local
>>> Security Policy (They are grayed out).
>>> I am using a Domain Admin account.
>>>
>>> How do I change this?
>>>
>>> All I really want to do is remove these for this local account
>>></span></span></span>
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The faulty interface lies between the chair and the keyboard.