Set password policy for specific groups in AD

kmk2123
kmk2123 used Ask the Experts™
on
Hey Guys!

Am running AD on Server 2003. I am wondering if I can set a passwor dposlivy (90 days/alphanumeric etc...) on some of my users but not all...

Am thinking I may have to create seperate groups?  Set policy for one group, and not another. Then add the users to those newly created groups?

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
Sorry - thats "password policy"
Create a new OU (Organizational Unit) in Active DIrectory Users and Computers. Create a new GPO (group policy object) with the desired account settings and enable it for this specific OU. Now, you can move the actual users from "users" over to the new OU.
The security or/and distribution membership is not affected when moving the users.

The easiest way of managing GPOs is through the "Group Policy Manager". If you don`t already have it, you can download it from Microsoft.
Unfortunately, Windows server 2003 does not have the functionality to allocate different password policies to different users.

this feature is known as "fine grained password policy" and was introduced in windows server 2008

see http://technet.microsoft.com/en-us/library/cc770394%28WS.10%29.aspx 

Setting the security policy in any other GPO other than the default domain policy only changes the settings relating to the local workstation ( ie it only affects local accounts not AD accounts)

The fix for this prior to 2008 was to deploy a new domain, assuming the requirement warranted it

Regards
Another option (if you're a coder and have the spare time) is to write a password filter. This will allow you to set your own complexity rules, but i don't think you can set password max age separately (might be wrong here)

for a starter try here: http://www.devx.com/security/Article/21522/1763/page/2 

Alternatively, there are there are a couple of third party solutions out there, for example

http://nfrontsecurity.com/products/nfront-password-filter/ 

Hope this helps

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial