Solved

New Password GPO Question

Posted on 2014-02-26
3
357 Views
Last Modified: 2014-02-26
All,

  I can't believe I am spacing on this but I need to ask.  I am creating a new GPO for a password policy for my windows 2008 r2 domain.   The settings are under the Computer Configuration portion of the policy so when I apply it to my domain, do I apply it to the xxxx.com\mybusiness\Users OU or the xxxx.com\mybusiness\Computers OU?  Also, will it automatically force those who are not compliant to change their passwords or do I need to manually set their accounts to change it? Many thanks
0
Comment
Question by:BrianVan
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
Comment Utility
Password policies are a special case.  They have to be linked at the domain level.  You can also use the default domain policy for it.  I

I see you have 2008.  On a domain functional 2008 domain you can also use fine grained password policies (FGPP) if you want different policies for a different set of users/groups.

What settings are you setting?  

Thanks

Mike
0
 

Author Comment

by:BrianVan
Comment Utility
Just the basics.  They don't currently have a policy.  Oh, if an account has 'password never expires' marked, they won't have to change it correct?  Many thanks
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
Comment Utility
If you want different password policies for different sets of users you can use granular (sometimes called fine-grained)  password policies. http://kpytko.pl/2012/11/09/fine-grained-password-policy-in-windows-server-20082008r2/

By default a domain has a basic password policy attached to the domain. If users have the password does not expire option set then that prevails over the setting in the policy.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now