Solved

password policy for particular user group

Posted on 2013-11-17
6
310 Views
Last Modified: 2013-12-05
Dear experts,

I have SBS2011 and I turned password policy off, because every user has limited permission and no remote access.

Now I need to create few admin accounts for some users and enforce password policy for them.


Regards,
Jarda
0
Comment
Question by:Jaroslav Latal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655672
I figured it out.
I created a security group, add those "special admins" to it.
Just apply that GPO to a computers and set security filtering for that group.

Jarda
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 100 total points
ID: 39655755
I am not sure about 2011 and how you figured it out but as far as I know, in 2008 you cannot have two separate password policies.
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655766
You mean in SBS2008? Even if you create new GPO?

Jarda¨
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 100 total points
ID: 39655769
NO YOU CANT

Only a password policy applied at the domain has any effect and it can't be blocked or filtered
The only way you can do what you want is by using a fine grained password policy
see http://pic.dhe.ibm.com/infocenter/seas/v2r4m1/index.jsp?topic=%2Fcom.ibm.help.seasimplementationguide.doc%2FSEAS_Create_Finegrained_Password_Policy.html

http://www.youtube.com/watch?v=CHvYa-pZRfE
0
 
LVL 7

Assisted Solution

by:joensw
joensw earned 100 total points
ID: 39655779
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 200 total points
ID: 39655782
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain.In Windows Server 2008 and above introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.Fine Grained Password Policy is for Windows 2008 and above server.
 
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
 
AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx


Change the Password Policy - SBS 2011
http://social.technet.microsoft.com/Forums/en-US/6faf6fd6-76ba-4da9-ac2f-a66130750d77/change-the-password-policy-sbs-2011?forum=smallbusinessserver
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question