PSOs are assigned to users or groups - they are not able to be assigned to OUs.
All that such a proposed policy would do is change the password policy for local accounts on that Citrix server. Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, 28 October 2010 8:24 PM To: NT System Admin Issues Subject: Re: Windows 2008 password policies Well I have just talked to them about it, and their stutters lead me to believe that they may indeed be full of it... They are "going to have a look" at how it is implemented Ideally I'd just like to be able to test it myself though. Killjoys. On 28 October 2010 13:18, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: I think they are full of it. Although I admit to the possibility that they've discovered something that I just didn't know about. Joeware.net has a free tool for dealing with pso's. recommended. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>] Sent: Thursday, October 28, 2010 8:01 AM To: NT System Admin Issues Subject: Windows 2008 password policies I know Windows 2008 AD supports fine-grained password policies, I also thought this was done through adsiedit voodoo such as documented here (http://technet.microsoft.com/en-us/library/cc770842%28WS.10%29.aspx). I have a team of consultants on site who are telling me that fine-grained password policies can simply be set by blocking GPO inheritance on the Citrix servers OU (which is where all the computers sit that all our users log on to) and linking a new GPO to the OU which will override the default domain policy. Are they right, or am I? We are simply looking at disabling the password complexity requirement for the test users in the new domain, and they won't let me have an account at the minute to test things (maybe they are worried I might find some errors), which is why I am having to ask. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin