Group Policy Snap-In

NOTE
You can also create and manage Specops Password Policy settings from the Password policies tab in the Domain Administration tool. See the Domain Administration Tool section for more information.

The Group Policy snap-in, installed with the Administration Tools, allows you to create and manage Specops Password Policy settings in Group Policy Objects. The settings are stored as a part of the GPO. Managing Specops Password Policy settings in Group Policy allows you to control how and where the policies are applied.

Creating a Specops Password Policy GPO

  1. In the GPMC, expand your domain node and locate the Group Policy Object.
  2. Right click on the GPO node and select New.
  3. Enter a name for the Group Policy Object and click OK.

Applying policy settings

The password policy will apply to all user accounts in locations where your GPO is linked.

If more than one GPO is linked on the same level, the link order of the GPOs determine the order the GPOs will be processed. If conflicting settings from multiple GPO’s apply to a user, Group Policy will resolve the conflict. Group Policy Objects are applied in the following order; The GPO closest to the user object in AD will have the highest precedence:

  • Local Group Policy Objects
  • Site linked Group Policy Objects
  • Domain linked Group Policy Objects
  • OU linked Group Policy Objects

If the above order does not enable you to apply your preferred settings, you can use security filtering to control on a permission level which users and computers will be affected by the GPO. Security filtering allows you to apply different policy settings to objects located on the same level in Active Directory.