Fine Grained Password Policy

Posted on 2014-03-10
Medium Priority
Last Modified: 2014-03-14
HI experts,

I have successfully created the PSO and applied to myself (for testing). It is restricting me to create a 8 characters password with complexity. Its working fine.

However if I applied the PSO to a group (a security group only contain myself and one other staff) then the policy doesn't work. I have run gpupdate /force everything I made change ensuring it refresh the policy.

I will appreciate if anyone to shed some light? What am I missing here?

We are a 2008 domain (NOT R2 as one of DCs is not running R2). Domain and Forest level had been raised.

Thank you.
Question by:ormerodrutter
  • 2
  • 2
LVL 61

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 39917075
The security group MUST be a global security group. Not a distribution group or universal security group or any other variant, just an odd quirk of fine grained policy processing,
LVL 23

Author Comment

ID: 39917128
So in general I have to create a new Global Security group and add ALL users to the group? Don't think Global group allow group nesting?
LVL 61

Expert Comment

by:Cliff Galiher
ID: 39917173
LVL 23

Author Closing Comment

ID: 39928639
Thanks for your solution - spot on!!

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question