Is there a way to set password policy in on a W2k3 domain so that you can have a different policy for your different OU's? Right now, with the new state security restrictions, we have to set a password policy globally that requires complex passwords, 90 day expirations, and a 15min screen lock. For computer labs and Smart Classrooms, this is obviously a problem. We've searched high and low for a solution, but there seems to be no way to set the policy per OU. We could have a subdomain for the labs and class rooms, but we need them to be able to access the resources of the main domain. Ideally, we need the 15 min lockout and complexity requirements on most OU's with a much less restrictive policy on the labs and classrooms.
Pre July 1st, we had a generic login for the labs with an easy password. We're working around this problem at this time. The classroom machines are joined to the domain, but also have a local login (which now needs to meet the global policy, as well) for them. We need to have domain access occasionally on these machines (it takes forever to build the profiles), but mainly we need a quick username and password for quick login to the machines... The OU specific policy could really help us out.
Any ideas? Evilghost/evilchris... I'm looking at you two.
Edit: Is this more of a Windows problem or Networking? I forgot we had that nifty forum.