OK, so I am going to level, I am a software engineer trying to do the work of a System Admin.
I asked a question about overriding password policies and got an answer that sounded right, but that I did not understand how to do.
Basically it told me to apply a policy change at the ou level on the computer in question. I have never had to apply a policy of any kind.
Is anyone out there willing to help out a newbie with a step by step of how to do this. (See the other question for a reason why I am doing this.)
To apply group policy at an OU level you just need to go into AD users and computers, right click on the OU you want the policy applied to and then go to properties. In here select the group policy tab, this is where policy's are set.
Click on new to create a new policy, give it a name, then click on edit. This will bring up the editing window where you can drill down to security settings (Computer configuration -> windows settings) or whatever else you want, and change the policy to what you need.
To save simply close the window. Once you are done you may want to run gpupdate from the command to ensure the policy is updated.
I'm the guy that gave you the answer re: the password policies... >smile<
Sam's answer is basically correct. To make it a bit more specific to your circumstance, you wnat to link the GPO with your password policy settings onto the OU where the server computer that needs the different password policy is located. Be aware that if there are other computers in that OU they will apply the policy as well. That may not be exactly what you want.
Consider the following:
Supposing that you want only SERVER02 to have the altered password policy settings, your best move is to create a sub-OU of the "Member Server Computers" OU and place SERVER2 into it, like so:
In this way, all the GPOs that already apply to "Member Server Computers" will still apply to SERVER2 (since it's location in the directory is still below "Member Server Computers"), but the GPO that you create and link to "Relaxed Local Password Policy Computers" will only apply to SERVER02.
Doing this with the sub-OU is also nice, assuming that there are other computers in the same OU as "SERVER02", because it limits the application of the policy in cases where you do something you don't mean to. You can damage a lot of computers very quickly and efficiently with group policy... >smile< It's an excellent tool for amplifying human mistakes.
(There are other ways to make the GPO only apply to SERVER02 w/o creating a sub-OU. This isn't the place to discuss them, but when you're ready, search for the phrase "group policy filtering permission" with your favorite search engine and you can learn about it.)
I've found that the OS documentation for Group Policy is really convoluted and terrible-- what w/ all the talk about "precedence", etc. It's a very simple algorithm that Group Policy uses to determine the "effective" settings based on applying a bunch of GPOs to a user or computer, but Microsoft technical writers seem to want to make it seem "magical" and, thus, they seem to make the documentation too complex. I ought to sit down sometime w/ a microphone and a screen capture utility and do a "tutorial on Group Policy application" video or something. (Yeah... in my copious free time...)
Well, I will point you to This, but you may want to try using Group Policies in a non production environment first, as there are some things that can get a little... messy. Once you get used to them, though, they are a very efficient way of managing your workstations and servers. I would recommend picking up a book focusing on windows server administration and group policy from Microsoft Press or O'Reilly.
It's not possible to apply group policies to specific user or user groups. Suppose we want to create a seperate policy for a specific user, then we must creat a OU first and apply the GP whata ever you want, then move the user or group onto the OU. this is the best practice to manage a user and user group.