Apply different domain policy to a group

[VoteQuimby]

My objective is to change the password policy on a small group of people within our organization. Currently everyone receives their password requirements from our default domain policy. Is it possible to copy the existing default domain policy, rename it, and apply it to only a handful of people? from my research, I'm finding some people say it is possible while others say it would require a 3rd party software.

 

[GeekDrew]

The password policy for domains running at functional level 2008, I believe, cannot be specified on a more granular basis than domain-wide. That was a feature added to AD in Server 2008, if I recall correctly. (Thus, you would need 3rd party software if you are running AD at less than 2008.)

 

[VoteQuimby]

Thanks for the reply.

 

[imported_snikt]

Try creating a child-OU within the parent-OU of the users in question. Move the users to it. Then apply the GPO you want to it. Don't enforce this GPO or it will supercede the primary GPO.

 

[GeekDrew]

Originally posted by: snikt
Try creating a child-OU within the parent-OU of the users in question. Move the users to it. Then apply the GPO you want to it. Don't enforce this GPO or it will supercede the primary GPO.

Have you actually had that work, for *password policy*? I haven't, and I've seen plenty of reports that the functionality was just added in 2008, and IIRC, it's still not part of the graphical GPO management interface.