Cannot deny user from domain password policy

zbruski asked
Last Modified: 2012-05-04
I have a user to whom I did not want to apply the domain password policy (complex passwords, password history, etc.). I enforced the policy, then realized this user account must not use the policy. I opened the policy from AD Users and Computers applied to the domain for the password, went into the Security tab, added the user account, and denied all for the policy. I still cannot change the password for this user because an error appears saying "cannot change the password because the password does not meet the password policy requirements." What am I missing here?

Commented:
Just deny "apply" the policy for that user, not more.
Policies are applied after an amount of time (I don't remember after how long), after a logon, or after the command from the prompt "secedit /refreshpolicy user_policy".
So, try the second or the third solution and let us know the result.

Regards, Antonio
Fatal_Exception, Systems Engineer
Top Expert 2005

Commented:
Policies are refreshed between 90 and 120 minutes after configuring them, unless you push the policy out with a command line..

Password policies are always applied at the Domain Level, so there is no way to create a separate OU for this user and separate them from the pack..  But you might use the Deny permission for that specific user, as mentioned above..  never tried it, but it might just work..

FE

Author

Commented:
Applying additional policies with slacker password requirements and denying policies to both the domain and OU (knew password policy for domain would override but still gave it a shot) all failed. I had to end up making the first domain policy for the password less restrictive; then I could change it back to the original password. The correct answer was the last portion of briancassin's response.