Fine-Grained Password Policies and Domain Local Groups
I have set up Fine-Grained Password Policies in my Windows Server 2008 domain, and if I apply the PSO to the user directly or to Global Security Groups it works as expected. Now my question is: why does the FGPP NOT work if I apply it to a Domain Local Group? I have tested it, and when you apply a FGPP to a DLG it doesn't work, and the RSOP (GUI and PowerShell) confirms that the policy is not applied.

I have reviewed the following links and they specifically mention that you need to use Global Security Groups, but they don't say why we can't use Domain Local Groups.

http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc731589(WS.10).aspx

Now you're probably asking why I even want to use Domain Local Groups. I don't have to, but in my organization we add users to GG, GG to DLG, and apply permissions and security to DLGs. I just want to know why it doesn't work. Thanks
January 17th, 2010 12:25am

Hi, You are correct. FGPP can only be applied to domain users and domain global groups.

1. A Global group can only contain user accounts that are from the same domain; however, a Domain Local group can contain users from any domain in the forest.
2. FGPP is used to define the password complexity of a domain. It should not apply to users in other domains.

This posting is provided "AS IS" with no warranties, and confers no rights.
January 19th, 2010 5:13am
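
An audit for the situation discussed in this thread, added here as an example and not posted by either participant: it lists every PSO subject and flags those that are not users or global security groups, so a PSO linked to a Domain Local Group shows up as ineffective. It assumes the ActiveDirectory PowerShell module is available and that the account can read the Password Settings Container; the function name `Get-PsoSubjectReport` and the account `jdoe` are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access
# to the Password Settings Container in the domain being audited.
Import-Module ActiveDirectory

function Get-PsoSubjectReport {
    # Walk every PSO and every object it is linked to (msDS-PSOAppliesTo).
    foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
        foreach ($dn in $pso.AppliesTo) {
            $obj       = Get-ADObject -Identity $dn
            $detail    = $obj.ObjectClass
            $effective = $false

            switch ($obj.ObjectClass) {
                'user'          { $effective = $true }
                'inetOrgPerson' { $effective = $true }
                'group' {
                    # Only global security groups carry a PSO to their members.
                    $g         = Get-ADGroup -Identity $dn
                    $detail    = "$($g.GroupScope) $($g.GroupCategory) group"
                    $effective = ($g.GroupScope -eq 'Global' -and
                                  $g.GroupCategory -eq 'Security')
                }
            }

            [pscustomobject]@{
                Pso        = $pso.Name
                Precedence = $pso.Precedence
                Subject    = $dn
                Type       = $detail
                Effective  = $effective
            }
        }
    }
}

# PSO links that will silently have no effect (for example a DomainLocal group).
Get-PsoSubjectReport |
    Where-Object { -not $_.Effective } |
    Format-Table Pso, Precedence, Type, Subject -AutoSize

# Confirm the outcome for one account ('jdoe' is a placeholder). Empty output
# means no PSO applies and the domain default password policy is in force.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe'
```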
