kmk2123
asked on
Set password policy for specific groups in AD
Hey Guys!
Am running AD on Server 2003. I am wondering if I can set a passwor dposlivy (90 days/alphanumeric etc...) on some of my users but not all...
Am thinking I may have to create seperate groups? Set policy for one group, and not another. Then add the users to those newly created groups?
Thanks!
Am running AD on Server 2003. I am wondering if I can set a passwor dposlivy (90 days/alphanumeric etc...) on some of my users but not all...
Am thinking I may have to create seperate groups? Set policy for one group, and not another. Then add the users to those newly created groups?
Thanks!
Create a new OU (Organizational Unit) in Active DIrectory Users and Computers. Create a new GPO (group policy object) with the desired account settings and enable it for this specific OU. Now, you can move the actual users from "users" over to the new OU.
The security or/and distribution membership is not affected when moving the users.
The easiest way of managing GPOs is through the "Group Policy Manager". If you don`t already have it, you can download it from Microsoft.
The security or/and distribution membership is not affected when moving the users.
The easiest way of managing GPOs is through the "Group Policy Manager". If you don`t already have it, you can download it from Microsoft.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another option (if you're a coder and have the spare time) is to write a password filter. This will allow you to set your own complexity rules, but i don't think you can set password max age separately (might be wrong here)
for a starter try here: http://www.devx.com/security/Article/21522/1763/page/2
Alternatively, there are there are a couple of third party solutions out there, for example
http://nfrontsecurity.com/products/nfront-password-filter/
Hope this helps
for a starter try here: http://www.devx.com/security/Article/21522/1763/page/2
Alternatively, there are there are a couple of third party solutions out there, for example
http://nfrontsecurity.com/products/nfront-password-filter/
Hope this helps
ASKER