Windows 2008 - Local Account password policy

Last Modified: 2012-08-14
Hi,

We wanted to use a non-complex password for a local account on a Windows 2008 server. The system is not allowing us to enter the password because it thinks it is not in compliance with the secure policy.

We do have a password complexity policy at the domain level.

Is the domain policy also managing the local account? If so, can you please explain why? Also, is there any way to change this for this particular server without having to change the domain policy?

Thank you.

CERTIFIED EXPERT
Top Expert 2013

Commented:
Yes, the domain policy is being applied to your local PC too. What you can do is create a new GPO for password policy and apply that to where your machines are.

That PW policy linked at the OU level will only affect local accounts, not domain accounts.

Thanks

Mike
James, Senior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
On the Domain Controller you also have the Domain Controllers Policy for Domain Controllers. So you will have to change this if you want to use a less complex password policy.
James, Senior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
As well as the Domain Controllers Policy you have the Local Policy too which you will need to change.

Author

Commented:
I understand mkline71's option but I don't quite understand JBond2010's. The goal is to modify the local policy for 2 servers and their local user accounts. I don't want this for every single server/workstation out there. These 2 servers are not DCs; they are just member servers.

I can't go with mkline71's solution yet because my DCs are Windows 2003.

JBond2010, can you please clarify your option?
CERTIFIED EXPERT
Top Expert 2013

Commented:
Yes you can. You just create a new GPO, call it "Local PW Settings", and link that to the OU. Test it and get a feel for it.

Sorry for the shorter responses...busy at work right now.

Thanks

Mike
James, Senior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
@ LLarava, this should be the Local Policy, this would be where you make the changes.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Local policy will lose though; GPOs are applied by LSDOU.

Local > site > domain > ou

Author

Commented:
Local policy will be overwritten by the LSDOU as mkline71 indicated.

However, in Windows 2003 there is only one domain password policy per domain so you can't create different password complexity policies. So password complexity can be disabled or enabled at the domain level.


 

CERTIFIED EXPERT
Top Expert 2013

Commented:
You can, however, create another PW policy... that will affect local accounts on the PCs/servers that it is linked to.

Correct one password policy per domain...for domain accounts.

Thanks

Mike
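
To check which password policy the local accounts on a member server actually received after a GPO is linked to its OU, the following is an added example, not code from this thread. The function name `Get-LocalPasswordPolicy` is hypothetical; it assumes an elevated PowerShell prompt on the member server and that `gpupdate /force` has already run.

```powershell
# Added example: report the password policy in effect for LOCAL (SAM) accounts
# on this server, then list the GPOs that were applied to the computer.

function Get-LocalPasswordPolicy {
    # Hypothetical helper: returns the [System Access] settings as a hashtable.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        # secedit exports the local security database, which already holds the
        # merged result of local policy plus GPO settings applied to this computer.
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
            throw "secedit export failed (exit code $LASTEXITCODE); is the prompt elevated?"
        }
        $policy = @{}
        $inSection = $false
        foreach ($line in Get-Content $cfg) {
            if ($line -match '^\[(.+)\]$') {
                # Only the [System Access] section carries password settings.
                $inSection = ($Matches[1] -eq 'System Access')
            } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
                $policy[$Matches[1]] = $Matches[2].Trim()
            }
        }
        return $policy
    } finally {
        # The export describes the server's security settings; do not leave it in TEMP.
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$p = Get-LocalPasswordPolicy
foreach ($name in 'PasswordComplexity', 'MinimumPasswordLength', 'PasswordHistorySize',
                  'MaximumPasswordAge', 'MinimumPasswordAge') {
    '{0,-22} {1}' -f $name, $p[$name]
}
if ($p['PasswordComplexity'] -eq '1') {
    'Complexity is still enforced for local accounts on this server.'
} else {
    'Complexity is NOT enforced for local accounts on this server.'
}

# Show which GPOs supplied computer settings, in the order LSDOU processing applied them.
gpresult /scope computer /r
```

Running it on a server outside the target OU as well gives a baseline to compare against, which shows whether the relaxed setting reached only the servers it was meant for.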

Author

Commented:
I guess this is what I am not understanding: "how to create a policy for local accounts only". Where/how do I have to create this policy only for local accounts?

Author

Commented:
Q/A - Local users password policy different from complex domain password policy?

http://www.techrepublic.com/forum/questions/101-281268

Author

Commented:
Hi Mike,

Any other thoughts about this?

Thank you.