Hey,
I need some help/advise regarding setting up domain passwords using GPO. I need the policy to set two different maximum days age depending on what OU the computer is in.
I am trying to get item-level targeting to work so that if computer 1 is in HR then set it to 90 days, if not in HR then 180 days.
I have set 180 days in 'Policies > Windows settings > Security settings > Password Policy
I have then added two registry entries for the 90 days & 180 days in 'Preferences > Windows settings > Registry > Registry Wizard Values > HKLM > SYSTEM > CurrentControl Set > Services > Netlogon > Parameters
Reg key = 'MaximumPasswordAge' replace REG_DWORD 90
Item level targeting 'computer in OU belongs to is HR'
When i RSOP the computer it shows the value of 180 which i set in the policy, so it looks like either reg key isn't being written, or the reg key is being overwritten for some reason.
Any help/guidence would be appreciated
Thanks
I need some help/advise regarding setting up domain passwords using GPO. I need the policy to set two different maximum days age depending on what OU the computer is in.
I am trying to get item-level targeting to work so that if computer 1 is in HR then set it to 90 days, if not in HR then 180 days.
I have set 180 days in 'Policies > Windows settings > Security settings > Password Policy
I have then added two registry entries for the 90 days & 180 days in 'Preferences > Windows settings > Registry > Registry Wizard Values > HKLM > SYSTEM > CurrentControl Set > Services > Netlogon > Parameters
Reg key = 'MaximumPasswordAge' replace REG_DWORD 90
Item level targeting 'computer in OU belongs to is HR'
When i RSOP the computer it shows the value of 180 which i set in the policy, so it looks like either reg key isn't being written, or the reg key is being overwritten for some reason.
Any help/guidence would be appreciated
Thanks
Last edited:
