• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

How to setup a shorter password expiration policy for a certain group of users.

We have a group of users (actually 2) that need to have shorter password expiration than the rest of our normal users. How do you set something like this up?

Example:

1. All domain users passwords expire every 30 days
2. Need to maintain the above policy and have a policy for a certain group of users that forces a change every 15 days.
0
amenoss
Asked:
amenoss
  • 7
  • 5
  • 2
1 Solution
 
AdamRobinsonCommented:
Set up a new Group Policy, and add only the users/computers the user uses that you want the policy to apply to.

Edit the policy, then go to:

Computer Configuration -> Windows Settings -> Security Settings -> Password Policy

And define the maximum password age for them there.
0
 
Steve KnightIT ConsultancyCommented:
You can't IMHO for domain accounts.  It is a domain wide, if you want different password policies you need multiple domains or third party tools:

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Steve
0
 
amenossAuthor Commented:
Adam, I guess thats where im confused Im not sure how to setup a another group policy for a domain.....I was hoping there was a way other than dragon (thanks for the link!) had provided that I just wasnt aware of...
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
Steve KnightIT ConsultancyCommented:
F
0
 
AdamRobinsonCommented:
?

Just open your Group Policy MMC, Right-Click on the Domain, and Create and Link a GPO.

Make sure your GPO takes precedence in the inheritance chain for the users.  

0
 
AdamRobinsonCommented:
Dragon,

F  ???
0
 
Steve KnightIT ConsultancyCommented:
Oops, that wasn;t the start  of something dodgy, was trying to say:

For domain accounts they use the policy assigned to the domain controllers and there can only be one.  Setting policies for computers if anythign will set their local account policies for local accounts.
0
 
AdamRobinsonCommented:
Dragon,

You sure about that?  Not saying you are incorrect, but I vaguely recall having done this before and having it work properly.  Perhaps I'm suffering from a case of bad memory.  Will run a test here in a bit and see.

0
 
AdamRobinsonCommented:
You are correct, Dragon.

Please disregard my previous comments, Amenoss, they are in error.
0
 
Steve KnightIT ConsultancyCommented:
Yes, you aren't logging into your own machine local a/c, you are logging 'into' a DC so it is the DC's account policy that takes.
0
 
Steve KnightIT ConsultancyCommented:
0
 
Steve KnightIT ConsultancyCommented:
So sorry, the answer is thrid party s/w, a new domain, or local login a/cs.
0
 
amenossAuthor Commented:
Dragon thanks for the clarification and the link...
0
 
Steve KnightIT ConsultancyCommented:
No problem, it's a pain but its how it is!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now