[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Secure Passwords To Some Users

Hi.

My company have Windows Small Business Server 2003 and it acts as a domain-controller.
The users in that domain have no restriction in how to set their passwords.
I want to set up more secure passwords for SOME (most) users, by secure I mean that I want to have SBS force them to change password regularly and have some certain length on it and so on.

I want to this as a policy that reflects on all users, BUT I want some users NOT to have this policy, some users shall still be able to set weaker password, or not have to change after a time.

(We have some clients set up for special program, that always run with the same user, and access the file on server trough script with username and password. We don't to want to change this script regularly just because we have to change password)

I found this, shown in the pictures attached, in "Server Management" but it seems like this reflects on ALL users.

How do I do?
Pelle


server2003.jpg
0
PerBoman
Asked:
PerBoman
  • 4
  • 3
  • 2
1 Solution
 
Raymond JansenCommented:
If you sort your users in active directory and computers in different organizational units, you can apply a different policy to each OU.

Then you can set strong passwords on 1 OU and not on the other.


Ray
0
 
PerBomanAuthor Commented:
How to create a OU?
Can that be done without interfering with current settings?
0
 
Raymond JansenCommented:
When you start active directory users and computers, right click on a folder where you want to create an OU, select new, Organizational Unit.


Ray
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SpicyHamCommented:
Just be aware that when you move users into your new OU you might lose some of the GPOs that were affecting them. But R-Jansen is right, creating an OU and a new GPO is the only right way to do this.
0
 
PerBomanAuthor Commented:
How do I know if I'm losing group policy, when I create new OU?
Thats exectly what I'm "afraid" of. I don't want to mess up some other settings now, just change password policy.

0
 
Raymond JansenCommented:
Group policy inherets rights just as file access rights.

I allways think you need to make as little as possible group policy's.

If you know what policy's are in effect then you can make sure that you don't have conflicting policy's. So, if you make sure that in both the policy for the strong passwords and in the policy for the non strong passwords that you define THE SAME policy settings, but of course with different values, you will be fine.


Ray
0
 
PerBomanAuthor Commented:
I also read this on another site:

"
There can only be one account (and therefore password) policy in domain and
this policy can only be set on domain level. If you require different
password policy for different users, you will need to setup two domains
(e.g. root and child domain).
You can actually change account settings on OU policy, but this policy will
not have any effect on domain accounts in this OU. It will only have effect
on local user account on computers that might be in this OU.
"

and I dont want two doamins, or only affect local user.
0
 
SpicyHamCommented:
The safest bet is to create your OU as a subfolder of whatever container your users are currently in. Then add the group policy to that container. This way you should inherit all the setting in other group polices and any users in that container will have the additional password policy.

This isn't terribly dangerous stuff, you won't bugger up your server by doing this.
0
 
PerBomanAuthor Commented:
How about setting first 1. On the users I dont want to affect on the policy "User cant change password, and password never expires".
and then 2.
just create a domain password policy, will that then only affect domain uses, and not the ones with stated above (User cant change password, and password never expires".) ??
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now