Hello guys and thanks for your time and expertise.
My domain/forest functional level is server 2003 - hoping to go to 2008 but never seem to have the time.
Iv'e been tasked with creating a domain password policy that should apply to all users in the domain. My first question is should I configure this in the default domain policy. Is that considered best practices or should I create another dedicated password policy GPO and link that to the domain node and make it #1 in the link order so it applies after the default domain policy.
My second question is will this domain policy affect local accounts such as a local administrator account on a server. If that's the case I guess I should block inheritance on my server OUs.
Anyway - your recommendations and advice are greatly appreciated.