Local Vista User Account using Domain Security Pol?

Posted: 03-31-2008, 09:06 PM
Ok, Simple question.

I have a Local User Account created on a Vista Business computer. This
Vista system is on our Domain. I need to have this local account NOT
use the Domain password policies.

I am NOT able to go in and edit or change these with the Local
Security Policy (They are grayed out).
I am using a Domain Admin account.

How do I change this?

All I really want to do is remove these for this local account.

Responses to "Local Vista User Account using Domain Security Pol?"

Jesper
RE: Local Vista User Account using Domain Security Pol?
Posted: 04-01-2008, 04:27 AM
This happens when you have a GPO applied to an OU that contains this
computer, and the GPO sets password policy. In other words, locally, no, you
can't do anything as this is enforced using GPOs.

If you are the domain admin, however, you can restructure your GPOs. One
option would be to create a new OU for computers that should not have this
policy. Then either make sure this GPO does not apply to that OU, or set a
new GPO that overrides this one.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


Hank Arnold (MVP)
Re: Local Vista User Account using Domain Security Pol?
Posted: 04-01-2008, 08:22 AM
Correct me if I'm wrong, but I believe that there is only one password
GPO for a domain. You can't have different ones for each OU...

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Paul Adare
Re: Local Vista User Account using Domain Security Pol?
Posted: 04-01-2008, 08:52 AM
On Tue, 01 Apr 2008 04:22:32 -0400, Hank Arnold (MVP) wrote:
> Correct me if I'm wrong, but I believe that there is only one password
> GPO for a domain. You can't have different ones for each OU...

Jesper is talking about GPOs that contain password policies that are linked
somewhere other than at the domain level. Such GPOs will not affect domain
accounts but will affect accounts in the local SAM of any computer which
processes such GPOs.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The faulty interface lies between the chair and the keyboard.
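
An added example, not part of any post in this thread: one way to see which GPOs in scope for a computer OU carry password-policy settings, and would therefore govern local SAM accounts on the machines in it. It assumes the GroupPolicy module (RSAT/GPMC) is installed; the OU distinguished name and the function name are hypothetical placeholders.

```powershell
# Added example: list password-policy settings from every GPO in scope for a
# computer OU, in precedence order. Run from a machine with GPMC/RSAT.
Import-Module GroupPolicy

$TargetOU = 'OU=AppWorkstations,DC=example,DC=com'   # hypothetical OU DN

function Get-PasswordPolicyFromGpo {                 # hypothetical helper
    param([Parameter(Mandatory)][guid]$GpoId)

    [xml]$report = Get-GPOReport -Guid $GpoId -ReportType Xml
    # Account policy is reported on the computer side as <Account> elements;
    # local-name() avoids depending on the report's namespace prefixes.
    $nodes = $report.SelectNodes(
        "//*[local-name()='Computer']//*[local-name()='Account']")
    foreach ($n in $nodes) {
        $type = $n.SelectSingleNode("*[local-name()='Type']")
        # Keep password settings only; skip lockout and Kerberos entries.
        if (-not $type -or $type.InnerText -ne 'Password') { continue }
        $value = $n.SelectSingleNode(
            "*[local-name()='SettingNumber' or local-name()='SettingBoolean']")
        [pscustomobject]@{
            Setting = $n.SelectSingleNode("*[local-name()='Name']").InnerText
            Value   = if ($value) { $value.InnerText } else { $null }
        }
    }
}

# InheritedGpoLinks is the precedence-ordered list for the OU (Order 1 wins),
# including GPOs linked at parent OUs and at the domain.
$links = (Get-GPInheritance -Target $TargetOU).InheritedGpoLinks |
    Where-Object { $_.Enabled } | Sort-Object Order

foreach ($link in $links) {
    foreach ($s in Get-PasswordPolicyFromGpo -GpoId $link.GpoId) {
        [pscustomobject]@{
            Order    = $link.Order
            Gpo      = $link.DisplayName
            Enforced = $link.Enforced
            Setting  = $s.Setting
            Value    = $s.Value
        }
    }
}
```

The listing does not evaluate security filtering or WMI filters, so confirm what a given workstation actually applied with `gpresult /scope computer /r` on that machine.
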
Noob
Re: Local Vista User Account using Domain Security Pol?
Posted: 04-01-2008, 01:35 PM
Hmm, I was afraid that was the case. I really only need to change the
local pol for the local account.

I can restructure our AD and remove the systems from that GPO; I was
just wanting to find a quick way out. This is only for 3 systems that
need to have a local account with a set password due to a custom app.

Thanks for the info.

Was this the same with XP Pro?