troubleshooting Question

Override Default Domain Password Policy

Avatar of Foxglovevol
FoxglovevolFlag for Afghanistan asked on
Windows NetworkingNetwork ManagementIT Administration
3 Comments1 Solution595 ViewsLast Modified:
I have a Win 2008 Domain and have a Group Policy assigned to the root of the domain which sets our default Password Policy for the domain (Length, Age, etc.).  This is of course done via the Computer Configuration settings of the GP, not the user settings.  I need to override this for a specific user and apply a seperate policy for this specific user or group.  

I have created a new OU further down the tree and set it to Block Inheritance using GPMC.MSC.  I then created a new GP and linked it to the OU.  I placed the user in the OU and then replicated using Sites/Serivices and also waited for an hour but I am unable to change the password on the account receiving a message telling me  conform to the default password policy.  

I have also used GPMC to assign a DENY permission for the Default Password Policy, but this also didn't work.

Finally I took a specific computer account and moved it into the OU I created with the Block Inheritance setting, then logged into that computer with the user account and tried to change the user's password by using CTRL-ALT-DEL....however I receive the same error telling me to conforms to the default user password policy.  

I beleive that my issue is the fact that the Default Password Policy is applied at the computer configuration level, and not the user level.  However, I don't see a way around this except perhaps to apply the default password policy at a lower level than root and put the new OU above it so that the policy wouldn't apply.  However, that has some implications to the design of our OUs and GPs that I don't feel are acceptable since I do want this policy to apply to EVERYONE, except the user/group I choose.  If I move the Default Policy down and somehow a User/Computer is inadvertantly put above it they won't get the appropriate policy.  

Any thoughts on how to overcome this obstacle?

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros