Solved

New Password GPO Question

Posted on 2014-02-26
3
358 Views
Last Modified: 2014-02-26
All,

  I can't believe I am spacing on this but I need to ask.  I am creating a new GPO for a password policy for my windows 2008 r2 domain.   The settings are under the Computer Configuration portion of the policy so when I apply it to my domain, do I apply it to the xxxx.com\mybusiness\Users OU or the xxxx.com\mybusiness\Computers OU?  Also, will it automatically force those who are not compliant to change their passwords or do I need to manually set their accounts to change it? Many thanks
0
Comment
Question by:BrianVan
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39889109
Password policies are a special case.  They have to be linked at the domain level.  You can also use the default domain policy for it.  I

I see you have 2008.  On a domain functional 2008 domain you can also use fine grained password policies (FGPP) if you want different policies for a different set of users/groups.

What settings are you setting?  

Thanks

Mike
0
 

Author Comment

by:BrianVan
ID: 39889301
Just the basics.  They don't currently have a policy.  Oh, if an account has 'password never expires' marked, they won't have to change it correct?  Many thanks
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39889320
If you want different password policies for different sets of users you can use granular (sometimes called fine-grained)  password policies. http://kpytko.pl/2012/11/09/fine-grained-password-policy-in-windows-server-20082008r2/

By default a domain has a basic password policy attached to the domain. If users have the password does not expire option set then that prevails over the setting in the policy.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now