New Password GPO Question

All,

  I can't believe I am spacing on this but I need to ask.  I am creating a new GPO for a password policy for my windows 2008 r2 domain.   The settings are under the Computer Configuration portion of the policy so when I apply it to my domain, do I apply it to the xxxx.com\mybusiness\Users OU or the xxxx.com\mybusiness\Computers OU?  Also, will it automatically force those who are not compliant to change their passwords or do I need to manually set their accounts to change it? Many thanks
BrianVanAsked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
Password policies are a special case.  They have to be linked at the domain level.  You can also use the default domain policy for it.  I

I see you have 2008.  On a domain functional 2008 domain you can also use fine grained password policies (FGPP) if you want different policies for a different set of users/groups.

What settings are you setting?  

Thanks

Mike
0
 
BrianVanAuthor Commented:
Just the basics.  They don't currently have a policy.  Oh, if an account has 'password never expires' marked, they won't have to change it correct?  Many thanks
0
 
Brian PierceConnect With a Mentor PhotographerCommented:
If you want different password policies for different sets of users you can use granular (sometimes called fine-grained)  password policies. http://kpytko.pl/2012/11/09/fine-grained-password-policy-in-windows-server-20082008r2/

By default a domain has a basic password policy attached to the domain. If users have the password does not expire option set then that prevails over the setting in the policy.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.