Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to configure specific password policy for a single OU

Posted on 2013-06-12
5
Medium Priority
?
1,063 Views
Last Modified: 2013-06-13
Hello -

We are running in a mixed mode active directory environment (2003 and 2008 R2 servers).  We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy.  Is there a way to do this?  I'm getting a ton of conflicting info on this topic.  My thought was to block policy inheritance,  somehow get our default settings reapplied to this OU, and then change the one setting i need.

Is there a way?

thanks

-Josh
0
Comment
Question by:MMIC
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 39242537
No way to do this via group policy.  Using a GPO there is one PW policy linked at the domain.  When you are at 2008 domain functional level you can implement fine grained password policies

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

That will allow you to create different policies for users/groups.  FGPP was developed to tackle problems just like yours.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39242546
You can't - you can only have one password policy per domain. - however you can use a fine-grained password policy (assuming you have server 2008), to apply a different policy to a security group

http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/
0
 
LVL 10

Expert Comment

by:ZenVenky
ID: 39243418
0
 

Author Closing Comment

by:MMIC
ID: 39244334
thanks guys, that is what i thought but was hoping you had a magic answer i had missed.  i'll have to wait until i get to a true 2008 environment.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39244355
There are also third party tools like specops that can help in your 2003 domain  I'd save the cash until you get to 2008

Thanks

Mike
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question