Link to home
Start Free TrialLog in
Avatar of kmk2123
kmk2123

asked on

Set password policy for specific groups in AD

Hey Guys!

Am running AD on Server 2003. I am wondering if I can set a passwor dposlivy (90 days/alphanumeric etc...) on some of my users but not all...

Am thinking I may have to create seperate groups?  Set policy for one group, and not another. Then add the users to those newly created groups?

Thanks!
Avatar of kmk2123
kmk2123

ASKER

Sorry - thats "password policy"
Avatar of datatechas
datatechas
Flag of Norway image
Create a new OU (Organizational Unit) in Active DIrectory Users and Computers. Create a new GPO (group policy object) with the desired account settings and enable it for this specific OU. Now, you can move the actual users from "users" over to the new OU.
The security or/and distribution membership is not affected when moving the users.

The easiest way of managing GPOs is through the "Group Policy Manager". If you don`t already have it, you can download it from Microsoft.
ASKER CERTIFIED SOLUTION
Avatar of Ignatius_A
Ignatius_A
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ignatius_A
Ignatius_A
Flag of United Kingdom of Great Britain and Northern Ireland image
Another option (if you're a coder and have the spare time) is to write a password filter. This will allow you to set your own complexity rules, but i don't think you can set password max age separately (might be wrong here)

for a starter try here: http://www.devx.com/security/Article/21522/1763/page/2 

Alternatively, there are there are a couple of third party solutions out there, for example

http://nfrontsecurity.com/products/nfront-password-filter/ 

Hope this helps