Above are the policies applying on the ProjectA OU. The OU contains both the Users and Computers belonging to ProjectA. No 'Blocking Inheritance' of policies is taking place.

HINT: Please recall, password policies are in the 'Computer Configuration' section of the GPO, and thus apply on the local user accounts within the Computers that the GPOs are applying on. They DON'T apply on user accounts in the domain unless they are configured in Default Domain Policy.

Consider that these password policies are set within the above-shown GPOs:

Assets Baseline Policy:

Enforce Password History: Not Defined

Maximum Password Age: Not Defined

Minimum Password Length: Not Defined

Password must meet complexity requirements: Disabled

Clients SMS Enabler Policy

Enforce Password History: Not Defined

Maximum Password Age: Not Defined

Minimum Password Length: Not Defined

Password must meet complexity requirements: Not Defined

Clients Ets LAPS Configuration

Enforce Password History: Not Defined

Maximum Password Age: Not Defined

Minimum Password Length: Not Defined

Password must meet complexity requirements: Not Defined

Engineering Policy

Enforce Password History: Last 0 remembered

Maximum Password Age: 180 Days

Minimum Password Length: 10 characters

Password must meet complexity requirements: Enabled

Default Domain Policy

Enforce Password History: Last 20 remembered

Maximum Password Age: 90 Days

Minimum Password Length: 16 characters

Password must meet complexity requirements: Enabled

Based on the above:

Computers in ProjectA will get these policies:

1. Minimum Password Length: [ Select ] ["10 characters", "No Defined", "16 characters"]
2. Maximum Password Age: [ Select ] ["Not Defined", "180 Days", "90 Days"]
3. Complexity Requirement: [ Select ] ["Disabled", "Enabled", "Not Defined"]

Users in ProjectA will get these policies:

4. Minimum Password Length: [ Select ] ["16 Characters", "10 Characters", "Not Defined"]
5. Maximum Password Age: [ Select ] ["180 Days", "Not Defined", "90 Days"]
6. Complexity Requirement: [ Select ] ["Enabled", "Disabled", "Not Defined"]

7. Now in this scenario, the Highest Precedence Enforced Policy, 'Assets Baseline Policy', has 'Enforce Password History' configured as 'Not Defined'. That means 'Not Defined' wins all conflicts and is the policy setting the computers will receive: [ Select ] ["True", "False"]

tefulton. TAD ASU.EDU Default Domain Policy Accounts Classrooms Clients Domain Controllers Servers Assets Assets Baseline Policy Clients Ets LAPS Configuration Clients SMS Enabler Policy Engineering Engineering Policy Project Clients et LAPS Configuration Project Liriked Group Poly Objects Group Pokerhotance Delegation This he does not include any GPa Inked to stes. For more details. Help Precedence GPO Location 1 Enforced) Aset Baseline Policy 2 Enforced) Certs SMS Enabler Policy Clients Els LAPS Configuration Project Engineering Policy Engineering Certs Bas LAPS Configuration des Defaut Domain Policy tefulton, TAD ASU.EDU GPOS Enabled Enabled Enabled Enabled Enabled Enabled tefulton. TAD ASU.EDU Default Domain Policy Accounts Classrooms Clients Domain Controllers Servers Assets Assets Baseline Policy Clients Ets LAPS Configuration Clients SMS Enabler Policy Engineering Engineering Policy Project Clients et LAPS Configuration Project Liriked Group Poly Objects Group Pokerhotance Delegation This he does not include any GPa Inked to stes. For more details. Help Precedence GPO Location 1 Enforced) Aset Baseline Policy 2 Enforced) Certs SMS Enabler Policy Clients Els LAPS Configuration Project Engineering Policy Engineering Certs Bas LAPS Configuration des Defaut Domain Policy tefulton, TAD ASU.EDU GPOS Enabled Enabled Enabled Enabled Enabled Enabled