We help IT Professionals succeed at work.

SBS 2003 Default domain policy vs. SBS Domain password policy

agdickinson
agdickinson asked
on
1,290 Views
Last Modified: 2008-01-09
I have a server with Windows Small Business Server 2003 R2 installed, for which I'm looking to implement password policies. However I've noticed that in group policies that there are two policies which setup the maximum password age,length, complexity etc. These are:

Default Domain Policy
Small Business Server Domain Password Policy

When I use the SBS2003 wizard to setup the policy the 'Small Business Server Domain Password Policy' is updated but the 'Default Domain Policy' is not updated.

Which policy will overwrite the other policy?

They are both linked and located under domain.local on the tree?

Also I've noticed that some of the settings of 'Default Domain Policy' are also replicated in the 'Small Business Server Lockout Policy'.

So I need to know is this correct and wil lthe 'SBS Domain Password Policy' overrule the 'Default Domain Policy'

Any help would be appreciated
Comment
Watch Question

Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
In small business server, the domain is geared to use all of the small business policies...  This is by design...

-saige-

Commented:
In other words, I am saying that the behaviour that you are seeing is by design...

-saige-

Author

Commented:
Hi,
Under the domain.local listing in Group Policy the order is

Default Domain Policy
Small Business Server - Windows Vista Policy
Small Business Server Domain Password Policy

Author

Commented:
When I run the 'Configure Password Policies' wizard under Server Management the
'Small Business Server Domain Password Policy' is updated, but the 'Default Domain Policy' is not touched and this comes before the one updated by the wizard.

What security filtering should be setup on the GPO's?

Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
If you do not need security filtering then leave it alone - this is used to prevent policies applying to selected groups

Commented:
I should say: Small Bussiness Server Policies (as there are multiple) merged with the Default Domain Policy...

-saige-

Author

Commented:
So will any changes I make using the wizards replicate themselves into the 'Default Domain Policy' as certain settings in this seem to conflict with settings in GPO objects starting with 'Small Business Server....'.

From what I can see any changes made by the wizards will be overwritten by the 'Default Domain Policy' as this is at the top of the Xircon.local domain.

Author

Commented:
What should the 'location' and 'security filtering' be by default for the following Group Policy Objects as I modified some in error and need to change back. (I come from a Windows 2003 background so was not used to SBS 2003 wizards until I backed out all the changes to use the wizards for everything now).

Default Domain Policy
Small Business Server Domain Password Policy
Small Business Server Autditing Policy
Small Business Server Lockout Policy

Commented:
As I stated the Small Business Server Policies merge with the Default Domain Policy.  No policies in the Default Domain Policy are set when running any of the Small Business Server Wizards.

-saige-

Author

Commented:
Hi -saige-

So sorry to sound a bit slow.. been a long week so far...

Small Business Server Domain Password Policy

has been updated by the 'Configure Password Polices' to have 'password age of 60 days' and 'password length of 8 characters'.

But the default domain policy has password age and password length set to 0 and 0.

So the SBS Password policy merges in and sets the settings to 60 days and 8 characters right?

Author

Commented:
Ok just tested it so it merges up so any changes merge up into the default domain policy.

Thanks for the help -saige'

Commented:
I understand, been a rough week for me to man...  Yes, you are exactly correct though, the merge means that it applies the Small Business Server Domain Password Policie over the Default Domain Policies...

-saige-

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.