Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

GPO "Small Business Server Domain Password Policy" not applying

Posted on 2010-08-18
6
Medium Priority
?
668 Views
Last Modified: 2012-06-21
I have a SBS 2003 and Terminal Server running Win Svr 2003 and having issues with the above GPO.

I have removed Authenticated Users from Security Filtering and added Security Group "TST GPO Password Policy" where I have a User in this group.

When I log on with User to the TS that is in this SG, and run gpupdate /force and then a gpresult the GPO is showing as:
Small Business Server Domain Password Policy
    Filtering:  Not Applied (Empty)

The User is apart of the SG, the GPO is enabled and applied to root of domain and all inheritance is not blocked.

0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 6

Author Comment

by:Flipp
ID: 33472120
Additional info I have found out, but still no solid answer:
1. You can only have ONE Password Policy in 2003
2. Password Policy GPO settings are Computer, but my SG created only contains User objects


?????

Is it possible to have a password policy which is applied to a subset of users?
0
 
LVL 34

Assisted Solution

by:Shreedhar Ette
Shreedhar Ette earned 400 total points
ID: 33472263
There should be only one password policy for the entire domain.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1600 total points
ID: 33472277
In Windows 2003 you cannot have more that 1 password policy. It is set in "Default Domain Policy" in Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy node and affects each user in a domain (even if it's computer node policy!). If you want to have more than 1 password policy you need to create sub-domains with their own password policies (but it's difficult to manage) or use SBS2008 there are granular password policies available.

So, domain password policy is unique in a domain and it doesn't matter if you created additional (more restrict) password policies and linked them to OU. The will not take effect at all.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Author Comment

by:Flipp
ID: 33472279
I would like to test only pushing out Password Policy to a group of users - how would I do this?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33472301
in 2003 it is not possible at all, sorry. To be able manage this way, you need 2008 (SBS or normal edition)
0
 
LVL 6

Author Comment

by:Flipp
ID: 33481614
Then why does SBS 2003 add a GPO called 'Small Business Server Domain Password Policy' if you can not use it at all?

I am hearing that the only way to set a PP in SBS 2003 is using the Default Domain Policy.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question