• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2253
  • Last Modified:

Setting password policies via GPO or SBS standard console?

Hi-

I am about to enforce password policies at my company but after testing I realize my GPO while active is not being used.  It seems that the policy set in the SBS 2011 Standard Console for password policies is being used.  My question is:  In SBS2011 should I be using the console to do password policies or can I use GPO's?  If so, which default GPO will make changes to the password policies.  I was modifying the 'Default GPO' but I guess that is not it.
When I do a 'Net Account' on the DC it shows me the current password policy set in the Standard Console and not my GPO's.

I appreciate the advice.
0
ChicagoTransplant
Asked:
ChicagoTransplant
  • 4
  • 3
  • 2
  • +1
3 Solutions
 
zackmccrackenCommented:
change the domain policy since this should effect all machines and users within your domain
0
 
ChicagoTransplantAuthor Commented:
I was modifying the 'Default Domain Policy' linked directly to the domain.  I do not see any other policy linked directly to the domain that has anything to do with password policies.  I am trying to figure out if SBS has something else built into it to manage the password policies that is overiding GPO's.
0
 
Sushil SonawaneCommented:
You cab modify default domain policy to manage the password policy.

OR

If you want to change the password policy through SBS console then refer below link:

http://www.vestalsgap.com/tips/small-business-server-2011
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Rob WilliamsCommented:
With SBS ALWAYS use the SBS wizards and tools.  To do so go to SBS management console | Users & Groups | Users | on the right - change password policies.
Manually editing SBS related features can result in competing policies.
0
 
ChicagoTransplantAuthor Commented:
Ok, that's fine, I will disable the 'Default Local Policy' and just use the SBS wizard.  If I am now using the Wizard, how do I change the 'Minimum Password Age days' and how many passwords SBS2011 remembers? I am looking for a little control over this like you get with GPO's...
0
 
Sushil SonawaneCommented:
don't disable to the default domain local policy you make changes through SBS it's automatically change in policy.
0
 
ChicagoTransplantAuthor Commented:
They do not match up -- the default domain and my current settings are different.
0
 
Sushil SonawaneCommented:
Microsoft recommended default domain policy has to enable state not a disable state. You can achieve this creating new policy also or SBS console base.
0
 
ChicagoTransplantAuthor Commented:
Ok, but if I am going through SBS console, how do I make changes to other parts of the password policy like minimum age and the amount of passwords it remembers?
0
 
Rob WilliamsCommented:
The SBS console will edit the existing "default domain policy".  Use it to set the initial configuration which will allow you to set the minimum # of characters and enforce password complexity, and then if you wish, you can edit the policy itself to change from the default # of remembered passwords and numbers of days before having to change the password.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now