Question : Domain Password Policy

I have seen alot of info out there regarding best practices for domain password policies and that they are only set at the Domain level.

My only question is if I set up the password policy in the Default Domain Policy, but I only have one OU that I need it applied to, can I just block inheritence on the others?

Reason I am asking is we have all of our user accounts in one OU, then we have all or our Service accounts (ie, Backups, Exchange Admin, etc) in another. I am trying to implement a password policy, but I don't want to affect the accounts used for maintenance and such.

Let me know if that makes sense or if I need to clarify anything.

Answer : Domain Password Policy

Sure you can block inheritance of the GP to the service accounts. This will leave you open to things like brute force or dictionary accounts. We apply our password policy to everyone regardless of what they do. However, we do not allow the service account passwords to expire. This way it is the same thing everytime the service people use it and also locks the account out if someone tries a Brute force attack.

Random Solutions

Cannot restart Window Service SharePoint Search Service

How to implement OpenSSL on Apache? (via Apache2Triad installation on Windows 2000 Server)

Need to construct an ASP / AJAX calculator to handle simple arithmetic

Exchange Server 2003 Enterprise will not uninstall

Login GPO timeout Event ID 1217

Unary and bitwise operators

Access - Calendar table

Flash game only works correctly after refreshing the page

id no: c1041724 - exchange 2003

requery subform 2 levels down.