Solved

How to setup a shorter password expiration policy for a certain group of users.

Posted on 2006-11-01
14
300 Views
Last Modified: 2010-08-05
We have a group of users (actually 2) that need to have shorter password expiration than the rest of our normal users. How do you set something like this up?

Example:

1. All domain users passwords expire every 30 days
2. Need to maintain the above policy and have a policy for a certain group of users that forces a change every 15 days.
0
Comment
Question by:amenoss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
14 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17849510
Set up a new Group Policy, and add only the users/computers the user uses that you want the policy to apply to.

Edit the policy, then go to:

Computer Configuration -> Windows Settings -> Security Settings -> Password Policy

And define the maximum password age for them there.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17849577
You can't IMHO for domain accounts.  It is a domain wide, if you want different password policies you need multiple domains or third party tools:

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Steve
0
 

Author Comment

by:amenoss
ID: 17849972
Adam, I guess thats where im confused Im not sure how to setup a another group policy for a domain.....I was hoping there was a way other than dragon (thanks for the link!) had provided that I just wasnt aware of...
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850010
F
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850015
?

Just open your Group Policy MMC, Right-Click on the Domain, and Create and Link a GPO.

Make sure your GPO takes precedence in the inheritance chain for the users.  

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850026
Dragon,

F  ???
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850031
Oops, that wasn;t the start  of something dodgy, was trying to say:

For domain accounts they use the policy assigned to the domain controllers and there can only be one.  Setting policies for computers if anythign will set their local account policies for local accounts.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850048
Dragon,

You sure about that?  Not saying you are incorrect, but I vaguely recall having done this before and having it work properly.  Perhaps I'm suffering from a case of bad memory.  Will run a test here in a bit and see.

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850069
You are correct, Dragon.

Please disregard my previous comments, Amenoss, they are in error.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850081
Yes, you aren't logging into your own machine local a/c, you are logging 'into' a DC so it is the DC's account policy that takes.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850098
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 50 total points
ID: 17850110
So sorry, the answer is thrid party s/w, a new domain, or local login a/cs.
0
 

Author Comment

by:amenoss
ID: 17850124
Dragon thanks for the clarification and the link...
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850171
No problem, it's a pain but its how it is!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question