Domain Password Policy

Where are you applying the policies? Password policies for domain accounts can only be controlled by policies applied at the domain level. "Milk was a bad choice!"

'Default Domain Policy’ and ‘Pupils Policy’.

Not in which policies. *where* are the policies linked. "How many squirrels had to die to make you look fly?!"

You have to apply it in default domain controller security policy. Look into windows 2003 hardening guide in the URL www.salem-radha.com

Do I have to link the 'Default Domain Policy' to my 'Pupils OU'. At the moment there is no link, just a 'Pupils Policy' on the 'Pupils OU'... Thought 'Default Domain Policy' gets applied automatically...

"You have to apply it in default domain controller security policy." Incorrect. It should be a policy that has precedence over policies linked at the domain level. By default, that is NOT the default domain controller's policy since it is linked to the domain controllers container, not the domain level. In fact, no editing should be done whatsoever to the default policies in AD. If you want different policies, make a copy of those and edit the copies or a new policy and have it take precedence. Quite honestly, it surprises me that someone who is publishing info about security didn't know this. I would therefore recommend not consulting the windows 2003 hardening guide in the URL www.salem-radha.com but instead consulting the free hardening guide straight from the horse's mouth - Microsoft. http://www.microsoft.com/downloads/... Please help survivors of Hurricane Katrina! www.redcross.org