Yes, it works as you describe. I've done this before by blocking inheritance of the default domain policy (easy to test without fooling with your default domain GPO), but your method is probably easier to manage.
-Malcolm From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, December 08, 2010 14:30 To: NT System Admin Issues Subject: GPO for Password Policy question W2K3 FFL domain: Can someone let me know if this is correct: OK, so you have your default domain policy, which is linked to the domain. You have account Password policies configured there. This affects both local SAM accounts and AD accounts. If you decided for some business reason that you didn't want these password policies to apply to local SAM accounts (i.e. password complexity requirements), but only AD accounts, could you remove the password policies from the default domain GPO and apply them to the default Domain controllers GPO, which should then only affect AD accounts? Thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin