Solved

password policy for particular user group

Posted on 2013-11-17
6
300 Views
Last Modified: 2013-12-05
Dear experts,

I have SBS2011 and I turned password policy off, because every user has limited permission and no remote access.

Now I need to create few admin accounts for some users and enforce password policy for them.


Regards,
Jarda
0
Comment
Question by:JardaCZ
6 Comments
 
LVL 7

Author Comment

by:JardaCZ
ID: 39655672
I figured it out.
I created a security group, add those "special admins" to it.
Just apply that GPO to a computers and set security filtering for that group.

Jarda
0
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 100 total points
ID: 39655755
I am not sure about 2011 and how you figured it out but as far as I know, in 2008 you cannot have two separate password policies.
0
 
LVL 7

Author Comment

by:JardaCZ
ID: 39655766
You mean in SBS2008? Even if you create new GPO?

Jarda¨
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 100 total points
ID: 39655769
NO YOU CANT

Only a password policy applied at the domain has any effect and it can't be blocked or filtered
The only way you can do what you want is by using a fine grained password policy
see http://pic.dhe.ibm.com/infocenter/seas/v2r4m1/index.jsp?topic=%2Fcom.ibm.help.seasimplementationguide.doc%2FSEAS_Create_Finegrained_Password_Policy.html

http://www.youtube.com/watch?v=CHvYa-pZRfE
0
 
LVL 7

Assisted Solution

by:joensw
joensw earned 100 total points
ID: 39655779
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 200 total points
ID: 39655782
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain.In Windows Server 2008 and above introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.Fine Grained Password Policy is for Windows 2008 and above server.
 
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
 
AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx


Change the Password Policy - SBS 2011
http://social.technet.microsoft.com/Forums/en-US/6faf6fd6-76ba-4da9-ac2f-a66130750d77/change-the-password-policy-sbs-2011?forum=smallbusinessserver
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now