We are trying to enable a server 2003 group policy to force password changes every 90 days. We also wish to exclude some users from the policy. We have done this, (we think) on our domain but when we try to change a regular users password, we get an error. It says the new password does not meet the complexity requirements for lenght, history or complexity when we know that it does.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
We have already enable the password policy but when we try to test it, the users that we want to comply with the policy will not work properly. Our test user cannot get past the complexity requirements for the new password and the old one still works no matter what we try as a password. We have excluded administrators from the policy and they can create a password that is not complex but the average user cannot.
We would like to leave this question open, because we don't feel a satisfactory solution has been provided yet. We have created a policy which requires complex passwords and have exempted the administrators group from this policy, and this part works fine. Domain users are required to change and create complex passwords, while a given group, in this case administrators, are not, which is what we wanted to achieve. The issue we are having is that when domain users are required to change their password, they cannot create a password that meets the complexity requirements no matter what they enter, so they cannot successfully change their password.
Ok, you can only have one password policy per domain, the only way to exclude users from the policy is to check the "password never expires" under properties then account section.
To set the policy you would use group policy, and in the section computer configuration > Windows Settings > Security Settings > Account Policies/Password Policy youwould make your settings.
You would then apply this at domain level.
Business Accounts
Answer for Membership
by: nsx106052Posted on 2009-05-26 at 11:10:20ID: 24475855
A password policy will need to be set for the default domain policy. As far as excluding members from changing this you will need to make sure they are not a domain or enterprise admin.