Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 513
  • Last Modified:

Some questions about password policies and GPOs in SBS 2003 R2 Group Policy objects

I am experimenting with GPOs in SBS 2003 R2 and had a couple questions / want to make sure I am not missing something.

the password wizard goes just so far?  you have to manually change the GPO to change the number of passwords it remembers, right? (along with min time of password life, etc.)

There's a bunch of GPOs out of the box!?  you have the default domain policy abd domain password policy.  they seem to conflict with each other on how many passwords are maintained (even though the password policy wizard is unchecked to remember ANY!)

Which takes precidence / why they conflict right out of the box?

when you run the password policy wizard and say 3 days ... does it cue up a batch job to make the change or is there a way in the registry to say 'start this after date X?
2 Solutions
You can only apply password and account policies at the domain level (the default domain policy)
Any settings applied anywhere else are ignored.
babaganooshAuthor Commented:
otehr gpo's besides the default domain policy can have password policieis in them, right?  they are ignored because they are lower in the GPO list?  Or higher numbered ones take precidence?

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Almost ALL default SBS GPOs are applied at the domain level, including the Small Business Server Domain Password Policy which is configured using the "Configure Password Policy" wizard.

In stand-alone Windows Server environments, you'd configure the password policy in the defualt domain policy, but not on SBS.  Instead, it's done with the separate GPO, which sits BELOW the default domain policy.  Since the Password GPO is more restrictive, it'll apply even though it is under the domain GPO.

If you don't select "immediately" for when to apply the policy, there are no changes made to the GPO.  Instead, a Scheduled Task is created to run and change the GPO according to when you directed it to.


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now