I know Windows 2008 AD supports fine-grained password policies, I also thought this was done through adsiedit voodoo such as documented here ( http://technet.microsoft.com/en-us/library/cc770842%28WS.10%29.aspx). I have a team of consultants on site who are telling me that fine-grained password policies can simply be set by blocking GPO inheritance on the Citrix servers OU (which is where all the computers sit that all our users log on to) and linking a new GPO to the OU which will override the default domain policy. Are they right, or am I?
We are simply looking at disabling the password complexity requirement for the test users in the new domain, and they won't let me have an account at the minute to test things (maybe they are worried I might find some errors), which is why I am having to ask. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
