• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

Account policy

I think i am correct in saying you can only set things like password expiration  once for the domain in a policy?


at present we have 400+ users  who dont have to change passwords

we would like to change this, but dont want to implement the policy and have 400 people calling the help desk in one go (or does it not work like that)

and does what i set per user over right the policy everytime? including the account policy



0
mhamer
Asked:
mhamer
1 Solution
 
Jay_Jay70Commented:
Hi mhamer,

one password policy per domain! you should set this in your default domain policy

once the user is due to change the password, the new requirements (complexity) will kick in
0
 
mhamerAuthor Commented:
yes we have it set there  but what if i set it elseware ona lower OU  does it just get ignored?  does all of it get ignored or justparts.

0
 
elbereth21Commented:
Hi mhamer,
if you set some security policies on a lower level (like any OU), it will only affect local logins, that is logins with local accounts, non domain accounts.

Elbereth.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Jay_Jay70Commented:
you can start getting issues with multiple policies...best practices says one and only on polic for passwords
0
 
TheCleanerCommented:
Like Jay_Jay70 says, one password policy per domain (based on domain credentials, just like elbereth said).

If you want to force password changing now, but want to "ease" into it, open ADUC and grab a few user OUs, highlight all the users and choose properties, then set/checkmark "user must change password at next logon".  This way you force 40-50 users to change their password right away.  Do this each few days or each week for a few weeks, then set your domain policy to expire passwords after 90 days or similar.  Then each group is "staggered" at the 90 days mark and you risk only around 40-50 calls each time....lol.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now