password policy for particular user group

Dear experts,

I have SBS2011 and I turned password policy off, because every user has limited permission and no remote access.

Now I need to create few admin accounts for some users and enforce password policy for them.

Jaroslav LatalMSPAsked:
Who is Participating?
SandeshdubeyConnect With a Mentor Senior Server EngineerCommented:
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain.In Windows Server 2008 and above introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.Fine Grained Password Policy is for Windows 2008 and above server.
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
AD DS: Fine-Grained Password Policies

Change the Password Policy - SBS 2011
Jaroslav LatalMSPAuthor Commented:
I figured it out.
I created a security group, add those "special admins" to it.
Just apply that GPO to a computers and set security filtering for that group.

Pramod UbheConnect With a Mentor Commented:
I am not sure about 2011 and how you figured it out but as far as I know, in 2008 you cannot have two separate password policies.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Jaroslav LatalMSPAuthor Commented:
You mean in SBS2008? Even if you create new GPO?

KCTSConnect With a Mentor Commented:

Only a password policy applied at the domain has any effect and it can't be blocked or filtered
The only way you can do what you want is by using a fine grained password policy
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.