Apply the PSO to an Active Directory Domain Services (AD DS) group to which all IT administrators belong.
To apply a PSO to a user or group, perform the following steps:
1. Log on to a DC or a member computer that has Windows Server 2008 RSAT installed.
2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
3. On the View menu, ensure Advanced Features is selected as shown in Figure 1.
4. In the console tree, expand the System node and then select the Password Settings Container node.
5. In the details pane, right-click the PSO you want to configure and select Properties.
6. On the PSO properties page, click the Attribute Editor tab.
7. Click Filter, ensure the Show only attributes that have values option is not checked, as shown in Figure 2.
8. Select the msDS-PsoAppliesTo attribute, and click Edit.
9. On the Multi-valued Distinguished Name with Security Principal Editor window, shown in Figure 3, click Add Windows Account.
10. In the Select Users, Computers, or Groups window, type the name of the user or global group to which you want to apply the PSO, and click OK.
11. Click OK on the Multi-valued Distinguished Name with Security Principal Editor window; then click OK to close the properties for the PSO.
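
The link written to msDS-PsoAppliesTo in steps 8 through 11 can also be made and then verified from PowerShell. The script below is an added example, not part of the original procedure; it assumes the ActiveDirectory module (available with RSAT for Windows Server 2008 R2 and later), and the PSO and group names are hypothetical placeholders.

```powershell
# Added example. $PsoName and $GroupName are hypothetical placeholders.
Import-Module ActiveDirectory

$PsoName   = 'IT-Admins-PSO'
$GroupName = 'IT Administrators'

$pso   = Get-ADFineGrainedPasswordPolicy -Identity $PsoName
$group = Get-ADGroup -Identity $GroupName

# Step 10 calls for a user or a global group. Stop early if the target
# group is not a global security group.
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "Group '$GroupName' is $($group.GroupScope)/$($group.GroupCategory), not a global security group."
}

# Equivalent of steps 8-11: add the group to msDS-PsoAppliesTo,
# unless it is already linked.
$alreadyLinked = Get-ADFineGrainedPasswordPolicySubject -Identity $pso |
    Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }
if (-not $alreadyLinked) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects $group
}

# Show the raw attribute that the Attribute Editor tab displays.
$raw = Get-ADObject -Identity $pso.DistinguishedName -Properties 'msDS-PsoAppliesTo'
$raw.'msDS-PsoAppliesTo'

# Check which PSO actually takes effect for each direct user member.
# A different PSO name here means another PSO is winning for that user;
# an empty result means only the domain password policy applies.
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        $name = '(domain default policy)'
        $ok   = $false
        if ($effective) {
            $name = $effective.Name
            $ok   = ($effective.DistinguishedName -eq $pso.DistinguishedName)
        }
        New-Object PSObject -Property @{
            User         = $_.SamAccountName
            EffectivePSO = $name
            AsIntended   = $ok
        }
    }
```

Any administrator account reported with `AsIntended` set to `False` is not governed by the intended PSO and should be reviewed before the stricter policy is considered in force.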