Solved

How to setup a shorter password expiration policy for a certain group of users.

Posted on 2006-11-01
14
297 Views
Last Modified: 2010-08-05
We have a group of users (actually 2) that need to have shorter password expiration than the rest of our normal users. How do you set something like this up?

Example:

1. All domain users passwords expire every 30 days
2. Need to maintain the above policy and have a policy for a certain group of users that forces a change every 15 days.
0
Comment
Question by:amenoss
  • 7
  • 5
  • 2
14 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17849510
Set up a new Group Policy, and add only the users/computers the user uses that you want the policy to apply to.

Edit the policy, then go to:

Computer Configuration -> Windows Settings -> Security Settings -> Password Policy

And define the maximum password age for them there.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17849577
You can't IMHO for domain accounts.  It is a domain wide, if you want different password policies you need multiple domains or third party tools:

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Steve
0
 

Author Comment

by:amenoss
ID: 17849972
Adam, I guess thats where im confused Im not sure how to setup a another group policy for a domain.....I was hoping there was a way other than dragon (thanks for the link!) had provided that I just wasnt aware of...
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850010
F
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850015
?

Just open your Group Policy MMC, Right-Click on the Domain, and Create and Link a GPO.

Make sure your GPO takes precedence in the inheritance chain for the users.  

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850026
Dragon,

F  ???
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850031
Oops, that wasn;t the start  of something dodgy, was trying to say:

For domain accounts they use the policy assigned to the domain controllers and there can only be one.  Setting policies for computers if anythign will set their local account policies for local accounts.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850048
Dragon,

You sure about that?  Not saying you are incorrect, but I vaguely recall having done this before and having it work properly.  Perhaps I'm suffering from a case of bad memory.  Will run a test here in a bit and see.

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850069
You are correct, Dragon.

Please disregard my previous comments, Amenoss, they are in error.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850081
Yes, you aren't logging into your own machine local a/c, you are logging 'into' a DC so it is the DC's account policy that takes.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850098
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 50 total points
ID: 17850110
So sorry, the answer is thrid party s/w, a new domain, or local login a/cs.
0
 

Author Comment

by:amenoss
ID: 17850124
Dragon thanks for the clarification and the link...
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850171
No problem, it's a pain but its how it is!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How can I increase the cpu to the virtual machines? 5 97
Moving Files servers to DFS 11 57
Auto-Enrollment Group Policy 2 55
DHCP lease duration / Migration 8 72
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question