asked on
Confused about password policies - why are they computer configuration?
I have become terribly confused over password policies.
Why are they configured under Computer Configuration (Windows\security\account\
I need to apply password policies to my domain users (all contained in a user OU).
My two concerns here are -
1. I run an AD report on passwords due to expire in 30 days - if this policy only applies to Computers, how will it affect my user accounts?
2. It is imperative only the Users OU is affected, thus I applied the policy top this but it appears my machine (as a test) is picking it up from the Default Domain Policy which of course is covering my machine and the OU my machine is in.
Any transparency on this issue would be greatly appreciated.
Why are they configured under Computer Configuration (Windows\security\account\
I need to apply password policies to my domain users (all contained in a user OU).
My two concerns here are -
1. I run an AD report on passwords due to expire in 30 days - if this policy only applies to Computers, how will it affect my user accounts?
2. It is imperative only the Users OU is affected, thus I applied the policy top this but it appears my machine (as a test) is picking it up from the Default Domain Policy which of course is covering my machine and the OU my machine is in.
Any transparency on this issue would be greatly appreciated.
Windows Server 2008Active DirectoryWindows 7
Last Comment
fuzzyfreak
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Sure, this overrides it.
Back to the question "why a computer policy" - the reason is: these are settings that apply to a password database. The password db is not per-user but per system. It treats all users the same.
Back to the question "why a computer policy" - the reason is: these are settings that apply to a password database. The password db is not per-user but per system. It treats all users the same.
default domain policy and much to my horror, everybody's passwords expired immediatelyNot sure why that happen. When you change the password policy this does not Force users passwords to expire. If a user just changed there password and you apply a password policy they can use there current password until it expires or they try to change it themselves.
I have set "Password Never Expires" can you assure me that this setting will always override the domain policy?
That is correct. Setting "Password Never Expires" ignores the password change policy from the default domain policy.
Will.
ASKER
Thanks guys.
ASKER
Very comprehensive and helpful solution.
For all my service accounts, I have set "Password Never Expires" can you assure me that this setting will always override the domain policy?
Thanks