?
Solved

Setting password policies via GPO or SBS standard console?

Posted on 2013-01-09
10
Medium Priority
?
2,113 Views
Last Modified: 2013-01-09
Hi-

I am about to enforce password policies at my company but after testing I realize my GPO while active is not being used.  It seems that the policy set in the SBS 2011 Standard Console for password policies is being used.  My question is:  In SBS2011 should I be using the console to do password policies or can I use GPO's?  If so, which default GPO will make changes to the password policies.  I was modifying the 'Default GPO' but I guess that is not it.
When I do a 'Net Account' on the DC it shows me the current password policy set in the Standard Console and not my GPO's.

I appreciate the advice.
0
Comment
Question by:ChicagoTransplant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 3

Expert Comment

by:zackmccracken
ID: 38759718
change the domain policy since this should effect all machines and users within your domain
0
 

Author Comment

by:ChicagoTransplant
ID: 38759730
I was modifying the 'Default Domain Policy' linked directly to the domain.  I do not see any other policy linked directly to the domain that has anything to do with password policies.  I am trying to figure out if SBS has something else built into it to manage the password policies that is overiding GPO's.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38759795
You cab modify default domain policy to manage the password policy.

OR

If you want to change the password policy through SBS console then refer below link:

http://www.vestalsgap.com/tips/small-business-server-2011
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 77

Accepted Solution

by:
Rob Williams earned 1336 total points
ID: 38759911
With SBS ALWAYS use the SBS wizards and tools.  To do so go to SBS management console | Users & Groups | Users | on the right - change password policies.
Manually editing SBS related features can result in competing policies.
0
 

Author Comment

by:ChicagoTransplant
ID: 38760453
Ok, that's fine, I will disable the 'Default Local Policy' and just use the SBS wizard.  If I am now using the Wizard, how do I change the 'Minimum Password Age days' and how many passwords SBS2011 remembers? I am looking for a little control over this like you get with GPO's...
0
 
LVL 18

Assisted Solution

by:Sushil Sonawane
Sushil Sonawane earned 664 total points
ID: 38760489
don't disable to the default domain local policy you make changes through SBS it's automatically change in policy.
0
 

Author Comment

by:ChicagoTransplant
ID: 38760497
They do not match up -- the default domain and my current settings are different.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38760676
Microsoft recommended default domain policy has to enable state not a disable state. You can achieve this creating new policy also or SBS console base.
0
 

Author Comment

by:ChicagoTransplant
ID: 38760690
Ok, but if I am going through SBS console, how do I make changes to other parts of the password policy like minimum age and the amount of passwords it remembers?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1336 total points
ID: 38760722
The SBS console will edit the existing "default domain policy".  Use it to set the initial configuration which will allow you to set the minimum # of characters and enforce password complexity, and then if you wish, you can edit the policy itself to change from the default # of remembered passwords and numbers of days before having to change the password.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question