?
Solved

How to setup a shorter password expiration policy for a certain group of users.

Posted on 2006-11-01
14
Medium Priority
?
301 Views
Last Modified: 2010-08-05
We have a group of users (actually 2) that need to have shorter password expiration than the rest of our normal users. How do you set something like this up?

Example:

1. All domain users passwords expire every 30 days
2. Need to maintain the above policy and have a policy for a certain group of users that forces a change every 15 days.
0
Comment
Question by:amenoss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
14 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17849510
Set up a new Group Policy, and add only the users/computers the user uses that you want the policy to apply to.

Edit the policy, then go to:

Computer Configuration -> Windows Settings -> Security Settings -> Password Policy

And define the maximum password age for them there.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17849577
You can't IMHO for domain accounts.  It is a domain wide, if you want different password policies you need multiple domains or third party tools:

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Steve
0
 

Author Comment

by:amenoss
ID: 17849972
Adam, I guess thats where im confused Im not sure how to setup a another group policy for a domain.....I was hoping there was a way other than dragon (thanks for the link!) had provided that I just wasnt aware of...
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850010
F
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850015
?

Just open your Group Policy MMC, Right-Click on the Domain, and Create and Link a GPO.

Make sure your GPO takes precedence in the inheritance chain for the users.  

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850026
Dragon,

F  ???
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850031
Oops, that wasn;t the start  of something dodgy, was trying to say:

For domain accounts they use the policy assigned to the domain controllers and there can only be one.  Setting policies for computers if anythign will set their local account policies for local accounts.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850048
Dragon,

You sure about that?  Not saying you are incorrect, but I vaguely recall having done this before and having it work properly.  Perhaps I'm suffering from a case of bad memory.  Will run a test here in a bit and see.

0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17850069
You are correct, Dragon.

Please disregard my previous comments, Amenoss, they are in error.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850081
Yes, you aren't logging into your own machine local a/c, you are logging 'into' a DC so it is the DC's account policy that takes.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850098
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 200 total points
ID: 17850110
So sorry, the answer is thrid party s/w, a new domain, or local login a/cs.
0
 

Author Comment

by:amenoss
ID: 17850124
Dragon thanks for the clarification and the link...
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17850171
No problem, it's a pain but its how it is!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question