That should work. I can just have the GPO apply to a specific group and slow merge the folks in over time? And it's the users that go in the group, not computers...even though the GPO is applied under the computer section, correct?
>From the sounds of FGPP...it seemed complex and dangerous to be in the bowels >of AD making those changes :) I is afraid! From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, December 13, 2012 12:53 PM To: NT System Admin Issues Subject: RE: Domain Password Policy Force it on next login. Apply it to a group and slowly add people to that group to control the rollout. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, December 13, 2012 12:51 PM To: NT System Admin Issues Subject: RE: Domain Password Policy +1 for FGPP (Fine Grained Password Policy) but I believe unless you force them to change there passwords at next prompt it should still allow your users to login and work, its just on next password change they will have to obey the new policy. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org<mailto:ezi...@lifespan.org> From: David Lum [mailto:david....@nwea.org] Sent: Thursday, December 13, 2012 12:45 PM To: NT System Admin Issues Subject: RE: Domain Password Policy Why not use FGPP? It sounds like that functionality is what you want here. From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Thursday, December 13, 2012 9:30 AM To: NT System Admin Issues Subject: Domain Password Policy So we're implementing a password policy in our 2008 domain and I'm seeing some conflicting info on this. It seems that the policy must be applied at the top domain level and there can only be one policy per domain (not going to use FGPP). So does that mean when I activate the policy, it will automatically take effect on the next computer policy refresh for ALL machines in the domain? Can we roll it out a little more controlled, like per OU so we don't have a thousand people calling the help desk all at once? What about users that I want to have bypass the policy, like service accounts? Most of the things I'm reading seem to indicate its 'all or nothing', which translates into PAIN. Thanks all! ************************************* John C. Kelsey DuBois Regional Medical Center *: 814.375.3073 * : 814.375.4005 *: jckel...@drmc.org<mailto:jckel...@drmc.org> ************************************* This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin