Hello!
Currently looking to apply a password policy in a domain environment (password history, minimum characters etc......) (Server 2003)
I'd like to apply password security to all DeltaV users but have the service accounts set to never expire
I noticed in the AD there is separate OU's for DeltaV users, DeltaVWorkstations,DeltaV Locked down Workstations,Domain Controllers. Would setting the default domain policy from the root be sufficient enough to apply password security to DeltaV user accounts or would it also need to be done from an OU Level?
Any advice greatly appreciated.
I would recommend adding you own site-specific policy then applying it with the correct security/WMI filtering and order to get exactly what you need. I would not alter the default domain policy (though I have in the past...) or the Emerson Out-of-the-box policies.
The reason is that upgrades potentially alter both the default and Emerson policies. If you have your own policy created, the upgrade procedure should not affect it, and you can easily export and differentiate the scope of the policy.
I believe that configuration of a user's 'never expire' setting overrides the expiration of password policy, (that is unless you are enforcing a policy to prevent administrators from being able to check that box for users).
In reply to Youssef.El-Bahtimy:
In reply to Mambo: