GPO "Small Business Server Domain Password Policy" not applying

I have a SBS 2003 and Terminal Server running Win Svr 2003 and having issues with the above GPO.

I have removed Authenticated Users from Security Filtering and added Security Group "TST GPO Password Policy" where I have a User in this group.

When I log on with User to the TS that is in this SG, and run gpupdate /force and then a gpresult the GPO is showing as:
Small Business Server Domain Password Policy
    Filtering:  Not Applied (Empty)

The User is apart of the SG, the GPO is enabled and applied to root of domain and all inheritance is not blocked.

Who is Participating?
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
In Windows 2003 you cannot have more that 1 password policy. It is set in "Default Domain Policy" in Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy node and affects each user in a domain (even if it's computer node policy!). If you want to have more than 1 password policy you need to create sub-domains with their own password policies (but it's difficult to manage) or use SBS2008 there are granular password policies available.

So, domain password policy is unique in a domain and it doesn't matter if you created additional (more restrict) password policies and linked them to OU. The will not take effect at all.
FlippAuthor Commented:
Additional info I have found out, but still no solid answer:
1. You can only have ONE Password Policy in 2003
2. Password Policy GPO settings are Computer, but my SG created only contains User objects


Is it possible to have a password policy which is applied to a subset of users?
Shreedhar EtteConnect With a Mentor Commented:
There should be only one password policy for the entire domain.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

FlippAuthor Commented:
I would like to test only pushing out Password Policy to a group of users - how would I do this?
Krzysztof PytkoSenior Active Directory EngineerCommented:
in 2003 it is not possible at all, sorry. To be able manage this way, you need 2008 (SBS or normal edition)
FlippAuthor Commented:
Then why does SBS 2003 add a GPO called 'Small Business Server Domain Password Policy' if you can not use it at all?

I am hearing that the only way to set a PP in SBS 2003 is using the Default Domain Policy.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.