Password Policy

ramziabk used Ask the Experts™
I created a Password policy that forces the users to change their passwords every 30 days. The Password should be at least 8 characters, contains both numbers and letters and the same password can't be repeated for at least 3 month.

I need to exclude one user from this policy. i.e. the user need not to change his password and he can use the same password and he can use only letters or numbers.

How to do that. I have Windows 2003 server with Active Directoty.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JAN PAKULAICT Infranstructure Manager

Or under  account properties select password never expires
kevinhsiehNetwork Engineer

You can't technically do what you want until you upgrade your AD to Windows 2008, which includes a feature called Fine-Grained Password Policies. The best you can do is to not require the password to be changed.

There is no option for how long until a password can be reused. The password reuse policy refers to how many times the password must be changed before a password may be reused. Valid values are from 0-24.

AD DS: Fine-Grained Password PoliciesUpdated: July 14, 2010

Applies To: Windows Server 2008

The Windows Server® 2008 operating system provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. In Microsoft® Windows® 2000 and Windows Server® 2003 Active Directory domains, only one password policy and account lockout policy could be applied to all users in the domain. These policies were specified in the Default Domain Policy for the domain. As a result, organizations that wanted different password and account lockout settings for different sets of users had to either create a password filter or deploy multiple domains. Both options are costly for different reasons.

What do fine-grained password policies do?
You can use fine-grained password policies to specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of users in a domain.

For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users. In other cases, you might want to apply a special password policy for accounts whose passwords are synchronized with other data sources.

yada yada yada
Brian PiercePhotographer
Awarded 2007
Top Expert 2008

You can't do this with Server 2003 - only one password policy per domain

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial