?
Solved

How to setup a shorter password expiration policy for a certain group of users.

Posted on 2006-11-01
14
Medium Priority
?
302 Views
Last Modified: 2010-08-05
We have a group of users (actually 2) that need to have shorter password expiration than the rest of our normal users. How do you set something like this up?

Example:

1. All domain users passwords expire every 30 days
2. Need to maintain the above policy and have a policy for a certain group of users that forces a change every 15 days.
0
Comment
Question by:amenoss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
14 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17849510
Set up a new Group Policy, and add only the users/computers the user uses that you want the policy to apply to.

Edit the policy, then go to:

Computer Configuration -> Windows Settings -> Security Settings -> Password Policy

And define the maximum password age for them there.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17849577
You can't IMHO for domain accounts.  It is a domain wide, if you want different password policies you need multiple domains or third party tools:

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Steve
0
 

Author Comment

by:amenoss
ID: 17849972
Adam, I guess thats where im confused Im not sure how to setup a another group policy for a domain.....I was hoping there was a way other than dragon (thanks for the link!) had provided that I just wasnt aware of...
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850010
F
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850015
?

Just open your Group Policy MMC, Right-Click on the Domain, and Create and Link a GPO.

Make sure your GPO takes precedence in the inheritance chain for the users.  

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850026
Dragon,

F  ???
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850031
Oops, that wasn;t the start  of something dodgy, was trying to say:

For domain accounts they use the policy assigned to the domain controllers and there can only be one.  Setting policies for computers if anythign will set their local account policies for local accounts.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850048
Dragon,

You sure about that?  Not saying you are incorrect, but I vaguely recall having done this before and having it work properly.  Perhaps I'm suffering from a case of bad memory.  Will run a test here in a bit and see.

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850069
You are correct, Dragon.

Please disregard my previous comments, Amenoss, they are in error.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850081
Yes, you aren't logging into your own machine local a/c, you are logging 'into' a DC so it is the DC's account policy that takes.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850098
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 200 total points
ID: 17850110
So sorry, the answer is thrid party s/w, a new domain, or local login a/cs.
0
 

Author Comment

by:amenoss
ID: 17850124
Dragon thanks for the clarification and the link...
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850171
No problem, it's a pain but its how it is!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question