Solved

password policy for particular user group

Posted on 2013-11-17
6
305 Views
Last Modified: 2013-12-05
Dear experts,

I have SBS2011 and I turned password policy off, because every user has limited permission and no remote access.

Now I need to create few admin accounts for some users and enforce password policy for them.


Regards,
Jarda
0
Comment
Question by:Jaroslav Latal
6 Comments
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655672
I figured it out.
I created a security group, add those "special admins" to it.
Just apply that GPO to a computers and set security filtering for that group.

Jarda
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 100 total points
ID: 39655755
I am not sure about 2011 and how you figured it out but as far as I know, in 2008 you cannot have two separate password policies.
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655766
You mean in SBS2008? Even if you create new GPO?

Jarda¨
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 100 total points
ID: 39655769
NO YOU CANT

Only a password policy applied at the domain has any effect and it can't be blocked or filtered
The only way you can do what you want is by using a fine grained password policy
see http://pic.dhe.ibm.com/infocenter/seas/v2r4m1/index.jsp?topic=%2Fcom.ibm.help.seasimplementationguide.doc%2FSEAS_Create_Finegrained_Password_Policy.html

http://www.youtube.com/watch?v=CHvYa-pZRfE
0
 
LVL 7

Assisted Solution

by:joensw
joensw earned 100 total points
ID: 39655779
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 200 total points
ID: 39655782
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain.In Windows Server 2008 and above introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.Fine Grained Password Policy is for Windows 2008 and above server.
 
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
 
AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx


Change the Password Policy - SBS 2011
http://social.technet.microsoft.com/Forums/en-US/6faf6fd6-76ba-4da9-ac2f-a66130750d77/change-the-password-policy-sbs-2011?forum=smallbusinessserver
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question