[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 676
  • Last Modified:

Windows 2008 - Local Account password policy

Hi,

We wanted to use a non-complex password for a local account on Windows 2008 server. The system is not allowing us to enter the password because it thinks is not in compliance with the secure policy.

We do complexity password policy at the domain level.
 
Is the domain policy also managing the local account? If so, can you please explain why? Also is there anyway to change this for this particular server without having to change the domain policy?

Thank you.
0
llarava
Asked:
llarava
  • 5
  • 5
  • 3
1 Solution
 
Mike KlineCommented:
Yes the domain policy is being applied to your local PC too.  What you can do is create a new GPO for password policy and apply that to where your machines are.  

That PW policy linked at the OU level will only affect local accounts not domain accounts.

Thanks

Mike
0
 
JBond2010Commented:
On the Domain Controller you also have the Domain Controllers Policy for Domain Controllers. So you will have to change this if you want to use a less complex password policy.
0
 
JBond2010Commented:
As well as the Domain Controllers Policy you have the Local Policy too which you will need to change.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
llaravaAuthor Commented:
I understand mkline71 option but I don't quite understand JBond2010. The goal is to modify the local policy for 2 servers and their local user accounts. I don't want this for every single server/workstation out there. These 2 servers are not DCs are just member servers.  

I can't go with mkline71 solution yet because my DCs are Windows 2003.

JBond2010Date can you please clarify your option?  
0
 
Mike KlineCommented:
Yes you can, you just create a new GPO, call it "Local PW Settings"  link that to the OU.  Test it and get a feel for it.

Sorry for the shorter responses...busy at work right now.

Thanks

Mike
0
 
JBond2010Commented:
@ LLarava, this should be the Local Policy, this would be where you make the changes.
0
 
Mike KlineCommented:
local policy will lose though,  GPOs are applied by LSDOU

Local > site > domain > ou
0
 
llaravaAuthor Commented:
Local policy will be overwritten by the LSDOU as mkline71 indicated.

However, in Windows 2003 there is only one domain password policy per domain so you can't create different password complexity policies. So password complexity can be disabled or enabled at the domain level.


 

0
 
Mike KlineCommented:
You however create another PW policy....that will affect local accounts on the PCs/Servers that it is linked too

Correct one password policy per domain...for domain accounts.

Thanks

Mike
0
 
llaravaAuthor Commented:
I guess this is what I am not understanding "how to create policy for local accounts only"  - Where/how do I have to create this policy only for local account?

0
 
llaravaAuthor Commented:
Q/A - Local users password policy different from complex domain password policy?

http://www.techrepublic.com/forum/questions/101-281268
0
 
llaravaAuthor Commented:
Hi Mike,

Any other toughts about this?

Thank you.
0
 
Mike KlineCommented:
Yes, tried to take a screenshot that may help

also take a look at this question I helped with a few years ago

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24058953.html

Thanks

Mike
PW-Policy.png
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

  • 5
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now