[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Multiple password policies in Active Directory

Posted on 2008-01-25
6
Medium Priority
?
341 Views
Last Modified: 2010-03-17
I would like to have 2 password policies in my Active Directory 2003 one with a strict password policy and one with a less restrictive password policy. Is it possible to filter out a user group from the GPO with the strict password policy by using the ACL on the GPO with the strict password policy?
0
Comment
Question by:nobska
  • 2
  • 2
  • 2
6 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 750 total points
ID: 20744546
Not possible until Windows Server 2008 without third-party tools.  2000 and 2003 AD support only a single password policy per domain natively.
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 20744605
Hi!

This is one of third party tools: http://nfrontsecurity.com/products/nfront-password-filter/

Toni
0
 

Author Comment

by:nobska
ID: 20744739
Why is it not possible to filter the stronger password policy GPO from a particular group by using the ACL and placing that group in the Deny column?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20744764
Implementation detail of Active Directory - password polilcy is not stored in a Group Policy Object, it is an attribute of the Domain NC (which is why you only get one per domain). That you can edit this domain NC attribute via GPMC is an administrative convenience.
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 20744812
Password policy applies to domain controllers and that's where password change actually happens.
0
 

Author Comment

by:nobska
ID: 20745356
Thank you for your help. I am disappointed by the answer but the two of you have saved us from an implementation nightmare. I will wait until we upgrade to Windows Server 2008 to implement the password policy change.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question