• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2953
  • Last Modified:

Password Expiration Group Policy

I have set a password expiration group policy on our domain.  My question is, who receiveds the password expiration policy in a domain, the domain controller or individual computers?  Also, where is the best place to set the policy, on the "Default Domain Policy" or "Default Domain Controllers Policy"?
My reason for asking is because we use Active Directory for our user authentication on our customer website, and want set password expiration.  Before now there hasn't been any password policy set, and I just some information on how this works.
2 Solutions
In windows 2003 you can only have a single policy - it should be set at the Domain level - ie the default domain policy. It is the DC that actually enforces the policy.
To apply the password policy to DOMAIN user accounts, the policy must be set in the default domain policy.

A password policy applied anywhere else will only affect LOCAL user accounts.

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now