preshomes
asked on
Windows 2003 R2 - Domain Password Policies
I am currently running a Windows 2003R2 AD Domain and I want to require our employees to change their password every 90 days, but there are a couple of folks that I do not want to require this for. If I set the GPO Default Domain Account Password Policies and then, for the users that I do not want to enforce this password policy on, just merely choose the option "Password Never Expires", will I accomplish my goal?
Create a separate OU for each of the two groups of users and apply a different policy to each OU, problem solved :D
Neilsr -
You are aware that that won't work - password policies are domain wide and cannot be segmented like that.
Quote from http://technet.microsoft.com/en-us/magazine/2007.12.securitywatch.aspx
"If you run any version of Windows® domain today (Windows NT®, Windows 2000 Active Directory®, or Windows Server® 2003 Active Directory), you are limited to a single password policy per domain."
ASKER
This article supports leew's suggestion.... http://technet.microsoft.com/en-us/library/cc875814.aspx
Thanks leew
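The setup discussed in this thread (one domain-wide 90-day maximum password age, with "Password Never Expires" ticked on a few accounts) stores each exception as the DONT_EXPIRE_PASSWORD bit (0x10000) in the account's userAccountControl attribute, so the exceptions can be reviewed from an attribute export. The following is an added example, not part of the original thread: a Python audit over a CSV export of user attributes, where the column layout, account names and approved-exception list are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x0002           # userAccountControl bit: account is disabled
DONT_EXPIRE_PASSWORD = 0x10000    # bit set by the "Password never expires" checkbox
MAX_PWD_AGE = timedelta(days=90)  # domain-wide maximum password age from the question
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(filetime):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=int(filetime) // 10)
def dt_to_filetime(dt):
    """Inverse helper, used only to build the constructed sample below."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def audit(csv_text, approved, now):
    """Return {account: status} for every enabled account in the export."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["sAMAccountName"]
        uac = int(row["userAccountControl"])
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on; leave them out
        if uac & DONT_EXPIRE_PASSWORD:  # exempt from the domain maximum age
            report[name] = "exempt-" + ("approved" if name.lower() in approved else "UNAPPROVED")
        elif int(row["pwdLastSet"]) == 0:
            report[name] = "must-change-at-next-logon"
        elif filetime_to_dt(row["pwdLastSet"]) + MAX_PWD_AGE <= now:
            report[name] = "expired"
        else:
            report[name] = "ok"
    return report

# Constructed sample export (hypothetical accounts), not data from the thread.
NOW = datetime(2010, 3, 25, tzinfo=timezone.utc)
_ft = lambda y, m, d: dt_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))
SAMPLE = f"""sAMAccountName,userAccountControl,pwdLastSet
alice,512,{_ft(2010, 2, 1)}
bob,512,{_ft(2009, 11, 1)}
svc_backup,66048,{_ft(2008, 6, 1)}
carol,66048,{_ft(2009, 1, 15)}
dave,66050,{_ft(2009, 1, 15)}
erin,512,0
"""
APPROVED = {"svc_backup"}  # hypothetical list of sanctioned exceptions
if __name__ == "__main__":
    for account, status in audit(SAMPLE, APPROVED, NOW).items():
        print(f"{account:12} {status}")
```

Accounts reported as exempt-UNAPPROVED carry the flag without appearing on the sanctioned list and are the ones to follow up on.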