David Tolo Technology Manager
asked on
How to configure specific password policy for a single OU
Hello -
We are running in a mixed mode active directory environment (2003 and 2008 R2 servers). We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy. Is there a way to do this? I'm getting a ton of conflicting info on this topic. My thought was to block policy inheritance, somehow get our default settings reapplied to this OU, and then change the one setting i need.
Is there a way?
thanks
-Josh
We are running in a mixed mode active directory environment (2003 and 2008 R2 servers). We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy. Is there a way to do this? I'm getting a ton of conflicting info on this topic. My thought was to block policy inheritance, somehow get our default settings reapplied to this OU, and then change the one setting i need.
Is there a way?
thanks
-Josh
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Agree with other experts. You have only one option and that is FGGPP (Fine-Grained Password Policy). For more info about FGPP refer below links.
http://blogs.technet.com/b
http://technet.microsoft.c
http://blogs.chrisse.se/quick-start-guide-for-fine-grain-password-policy-tool/
http://blogs.technet.com/b
http://technet.microsoft.c
http://blogs.chrisse.se/quick-start-guide-for-fine-grain-password-policy-tool/
ASKER
thanks guys, that is what i thought but was hoping you had a magic answer i had missed. i'll have to wait until i get to a true 2008 environment.
There are also third party tools like specops that can help in your 2003 domain I'd save the cash until you get to 2008
Thanks
Mike
Thanks
Mike
http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/