Do domain level passwords take precedence over GPO level passwords?
I'm running a pure Win2k network and want to enable passwords of 10 characters at a domain level,and at the GPO level I specified passwords only had to be five characters. Which one would take preference on the desktop machines?
As long as users use domain accounts to log on to the domain only the password policy specified in the default domain GPO will be effective. All domain users will need a 10 character password.
If, however, users are given local accounts on their desktops, it is possible that they can use five character passwords when using these accounts, but these accounts will not have access to domain resources.
This was first published in November 2003