Improve company productivity with a Business Account.Sign Up

x
?
Solved

How to configure specific password policy for a single OU

Posted on 2013-06-12
5
Medium Priority
?
1,129 Views
Last Modified: 2013-06-13
Hello -

We are running in a mixed mode active directory environment (2003 and 2008 R2 servers).  We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy.  Is there a way to do this?  I'm getting a ton of conflicting info on this topic.  My thought was to block policy inheritance,  somehow get our default settings reapplied to this OU, and then change the one setting i need.

Is there a way?

thanks

-Josh
0
Comment
Question by:MMIC
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 39242537
No way to do this via group policy.  Using a GPO there is one PW policy linked at the domain.  When you are at 2008 domain functional level you can implement fine grained password policies

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

That will allow you to create different policies for users/groups.  FGPP was developed to tackle problems just like yours.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39242546
You can't - you can only have one password policy per domain. - however you can use a fine-grained password policy (assuming you have server 2008), to apply a different policy to a security group

http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/
0
 
LVL 10

Expert Comment

by:ZenVenky
ID: 39243418
0
 

Author Closing Comment

by:MMIC
ID: 39244334
thanks guys, that is what i thought but was hoping you had a magic answer i had missed.  i'll have to wait until i get to a true 2008 environment.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39244355
There are also third party tools like specops that can help in your 2003 domain  I'd save the cash until you get to 2008

Thanks

Mike
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question