There is only one account policy in Active Directory, and it applies to the root domain of the domain tree. This default domain policy is the default for all Windows 2000 domain members.

There is an exception that will allow different password, lockout, etc.. policies.

You can configure account policies for organizational units, which would apply to all computers within the OU.

This would allow the default domain policy to be applied when the user logs on to the domain, but the OU policy to apply when the user logs on locally.

NOTE: Domain controllers have no local accounts, so OU policies do not apply.