[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

password policy for particular user group

Posted on 2013-11-17
6
Medium Priority
?
325 Views
Last Modified: 2013-12-05
Dear experts,

I have SBS2011 and I turned password policy off, because every user has limited permission and no remote access.

Now I need to create few admin accounts for some users and enforce password policy for them.


Regards,
Jarda
0
Comment
Question by:Jaroslav Latal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655672
I figured it out.
I created a security group, add those "special admins" to it.
Just apply that GPO to a computers and set security filtering for that group.

Jarda
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 400 total points
ID: 39655755
I am not sure about 2011 and how you figured it out but as far as I know, in 2008 you cannot have two separate password policies.
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 39655766
You mean in SBS2008? Even if you create new GPO?

Jarda¨
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 400 total points
ID: 39655769
NO YOU CANT

Only a password policy applied at the domain has any effect and it can't be blocked or filtered
The only way you can do what you want is by using a fine grained password policy
see http://pic.dhe.ibm.com/infocenter/seas/v2r4m1/index.jsp?topic=%2Fcom.ibm.help.seasimplementationguide.doc%2FSEAS_Create_Finegrained_Password_Policy.html

http://www.youtube.com/watch?v=CHvYa-pZRfE
0
 
LVL 7

Assisted Solution

by:joensw
joensw earned 400 total points
ID: 39655779
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 800 total points
ID: 39655782
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain.In Windows Server 2008 and above introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.Fine Grained Password Policy is for Windows 2008 and above server.
 
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
 
AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx


Change the Password Policy - SBS 2011
http://social.technet.microsoft.com/Forums/en-US/6faf6fd6-76ba-4da9-ac2f-a66130750d77/change-the-password-policy-sbs-2011?forum=smallbusinessserver
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question