Solved

New Password GPO Question

Posted on 2014-02-26
3
363 Views
Last Modified: 2014-02-26
All,

  I can't believe I am spacing on this but I need to ask.  I am creating a new GPO for a password policy for my windows 2008 r2 domain.   The settings are under the Computer Configuration portion of the policy so when I apply it to my domain, do I apply it to the xxxx.com\mybusiness\Users OU or the xxxx.com\mybusiness\Computers OU?  Also, will it automatically force those who are not compliant to change their passwords or do I need to manually set their accounts to change it? Many thanks
0
Comment
Question by:BrianVan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39889109
Password policies are a special case.  They have to be linked at the domain level.  You can also use the default domain policy for it.  I

I see you have 2008.  On a domain functional 2008 domain you can also use fine grained password policies (FGPP) if you want different policies for a different set of users/groups.

What settings are you setting?  

Thanks

Mike
0
 

Author Comment

by:BrianVan
ID: 39889301
Just the basics.  They don't currently have a policy.  Oh, if an account has 'password never expires' marked, they won't have to change it correct?  Many thanks
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39889320
If you want different password policies for different sets of users you can use granular (sometimes called fine-grained)  password policies. http://kpytko.pl/2012/11/09/fine-grained-password-policy-in-windows-server-20082008r2/

By default a domain has a basic password policy attached to the domain. If users have the password does not expire option set then that prevails over the setting in the policy.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question