Asked By
sun_moon
0 points
N/A
Posted on - 06/24/2011
Hello all,
How are you? I want to classify different policy of different users & computers. To set the different policies for different users and computers, what is needed policy for doing this. Describe me this different users & computer . I am waiting for solution .Please help me.
Thank you.
Answered By
Jersey12
0 points
N/A
#79701
Implement different polices for different uses & computers?
Â
Hello!
Â
Please follow these steps on how to set different policies for different computers and users:
Â
Start –> All Programs –> Administrative Tools –> Active Directory Users and Computers –> Right click on the Domain Name –> New then Organizational Unit button to create OU –> A New Object – Organizational Unit window appears, type the name of our OU –> Click OK –> Create New users or Move existing users in that organizational Units (OU) –> Right Click on the OU and click Properties –> A new window with the domain name appears –> Select Group policy tab –>  You can also check the Block Policy inheritance, if you want to block the Domain level polices for that Organizational Units Users and Computers –> You can use the Default Domain POlicy or Edit it by clicking on the Edit button or create a new one by clicking the New button –> Double click on the policy you prefer –> a new window appears, Expand Computer Configuration (Software Setting, Windows Settings and Administrative Templates) –> Expand Users Configuration window (Software Setting, Windows Settings and Administrative Templates) –> Click Apply –> Click OK
Â
Now try to login with domain users on client computers and check if policies are working or not.Â
Â
Answered By
jhyn08
0 points
N/A
#79702
Implement different polices for different uses & computers?
This is for Windows Server 2008:
1. Start
2. Administrative Tools
3. Select "Active Directory Users and Computers"
4. Expand "yourdomainname.com"
5. Right click "Users"
6. Select "New"
7. the select, "Group"
8. then on the "New Object-Group" window, click name field then enter "SpecialAdmins" then Ok
9. Close the "Active Directory Users and Computers"
10. Click the "Start" again, then "Run"
11. You must type "ADSIEDIT.MSC", click Ok
12. Then right-click the ADSI Edit, then click the "Connect to"
13. Then enter "yourdomainname.com" to the name field
14. Then double click the "yourdomainname" in your console tree
13. Click "DC-yourdomainname.com >>CN-System>>CN=Password Setting Container
14. then on the CN=Password Setting Container  click New then Object
15. Create Object>>Select Class>>click msDC-Password Setting then Next
16. Â On the Value field enter SpecialAdmins
17. Enter "1" for the msDS-PasswordSettingPresidence
18. "False" for the msDS-PasswordReversibleEncryptionEnabled
19. Enter "24" for the msDS-PassworHistoryLength
20. "False" again for msDS-PasswordComplexibilityEnabled
21. and for msDS-MinimumPasswordLength enter 12
22. 1:00:00:00 for the msDS-MinimumPasswordAge
23. Enter 3 for the msDS-LockoutThreshold
24. 0:00:30:00 for the msDS-LockoutObservationWindow
25. And enter "never" for the msDS-LockoutPasswordDuration
26. Then right click the CN=SpecialAdmins, select Properties
27. select the msDS-PSOAppliesTo attribute and then "Edit"
28. When the Multi-valued Distinguished Name With Security Principal Editor, click the "Add Windows Account"
29. Select "User, Computer or Groups" then enter "SpecialAdmins"
30. Click "Ok"
Â
Hope it helps  🙂
