Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to configure specific password policy for a single OU

Posted on 2013-06-12
5
Medium Priority
?
1,026 Views
Last Modified: 2013-06-13
Hello -

We are running in a mixed mode active directory environment (2003 and 2008 R2 servers).  We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy.  Is there a way to do this?  I'm getting a ton of conflicting info on this topic.  My thought was to block policy inheritance,  somehow get our default settings reapplied to this OU, and then change the one setting i need.

Is there a way?

thanks

-Josh
0
Comment
Question by:MMIC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 39242537
No way to do this via group policy.  Using a GPO there is one PW policy linked at the domain.  When you are at 2008 domain functional level you can implement fine grained password policies

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

That will allow you to create different policies for users/groups.  FGPP was developed to tackle problems just like yours.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39242546
You can't - you can only have one password policy per domain. - however you can use a fine-grained password policy (assuming you have server 2008), to apply a different policy to a security group

http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/
0
 
LVL 10

Expert Comment

by:Zenvenky
ID: 39243418
0
 

Author Closing Comment

by:MMIC
ID: 39244334
thanks guys, that is what i thought but was hoping you had a magic answer i had missed.  i'll have to wait until i get to a true 2008 environment.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39244355
There are also third party tools like specops that can help in your 2003 domain  I'd save the cash until you get to 2008

Thanks

Mike
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question