Using item level targeting in GPO

Associate
Joined
8 Mar 2010
Posts
84
Hey,

I need some help/advise regarding setting up domain passwords using GPO. I need the policy to set two different maximum days age depending on what OU the computer is in.

I am trying to get item-level targeting to work so that if computer 1 is in HR then set it to 90 days, if not in HR then 180 days.

I have set 180 days in 'Policies > Windows settings > Security settings > Password Policy

I have then added two registry entries for the 90 days & 180 days in 'Preferences > Windows settings > Registry > Registry Wizard Values > HKLM > SYSTEM > CurrentControl Set > Services > Netlogon > Parameters

Reg key = 'MaximumPasswordAge' replace REG_DWORD 90
Item level targeting 'computer in OU belongs to is HR'

When i RSOP the computer it shows the value of 180 which i set in the policy, so it looks like either reg key isn't being written, or the reg key is being overwritten for some reason.

Any help/guidence would be appreciated

Thanks
 
Last edited:
Back
Top Bottom