<div>
Hi!<br />
<br />
This is one of third party tools: <a href="http://nfrontsecurity.com/products/nfront-password-filter/" rel="ugc">http://nfrontsecurity.com/products/nfront-password-filter/</a><br />
<br />
Toni
</div>


Hi!

This is one of third party tools: http://nfrontsecurity.com/products/nfront-password-filter/ [http://nfrontsecurity.com/products/nfront-password-filter/]

Toni

<div>
Why is it not possible to filter the stronger password policy GPO from a particular group by using the ACL and placing that group in the Deny column?
</div>


Why is it not possible to filter the stronger password policy GPO from a particular group by using the ACL and placing that group in the Deny column?

<div>
Implementation detail of Active Directory - password polilcy is not stored in a Group Policy Object, it is an attribute of the Domain NC (which is why you only get one per domain). That you can edit this domain NC attribute via GPMC is an administrative convenience.
</div>


Implementation detail of Active Directory - password polilcy is not stored in a Group Policy Object, it is an attribute of the Domain NC (which is why you only get one per domain). That you can edit this domain NC attribute via GPMC is an administrative convenience.

<div>
Password policy applies to domain controllers and that's where password change actually happens.
</div>


Password policy applies to domain controllers and that's where password change actually happens.

<div>
Thank you for your help. I am disappointed by the answer but the two of you have saved us from an implementation nightmare. I will wait until we upgrade to Windows Server 2008 to implement the password policy change.
</div>


Thank you for your help. I am disappointed by the answer but the two of you have saved us from an implementation nightmare. I will wait until we upgrade to Windows Server 2008 to implement the password policy change.

<div>
<div class="content wysiwyg-content">
I would like to have 2 password policies in my Active Directory 2003 one with a strict password policy and one with a less restrictive password policy. Is it possible to filter out a user group from the GPO with the strict password policy by using the ACL on the GPO with the strict password policy?
</div>
</div>


I would like to have 2 password policies in my Active Directory 2003 one with a strict password policy and one with a less restrictive password policy. Is it possible to filter out a user group from the GPO with the strict password policy by using the ACL on the GPO with the strict password policy?

Multiple password policies in Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.