2003 password policy

Is it possible to create two password policies for a 2003 domain. I have a user and I want their password to expire in a shorter time than everyone else's.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad MullaSystems AdministratorCommented:
It is possible. You would need to remove the password policy from any shared GPO and then create 2 separate GPOs with the password policies required. You can then assign the GPO to the user either via security filtering or OU.
Muhammad MullaSystems AdministratorCommented:
My mistake. You can have fine grained password policies in a 2012 domain.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Sid_FAuthor Commented:
It can be done via password filter but it seems like a world of pain.
Will SzymkowskiSenior Solution ArchitectCommented:
In a domain where you have ANY 2003 domain controllers you CANNOT have multiple password policy in a SINGLE domain environment, Only one.

However to get around something like this would be to create a new child domain which allows you to set another default password policy.

Aside from that if you upgrade to 2008 you can use FGPP (fine grained password policies). This means that you need to remove all 2003 domain controllers.

Sid_FAuthor Commented:
In  2003 you can set a password policy on an OU but it will not have any effect.

Will SzymkowskiSenior Solution ArchitectCommented:
When you set a password policy on an OU it only affects the Local Accounts on the machine and not ANY domain accounts.

So as i have stated the only other way to create a second password policy in 2003 is to create a child domain and create it there. Only users in the Child domain will have the new policy applied. However this seems like overkill for one user.

Upgrading to 2008 and use Fine Graind Password Policies would be the best method here.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sid_FAuthor Commented:
Yes true it will work with adding a child domain and it will work using password filters but as regards having two password policies in its native form it is not possible.
Will SzymkowskiSenior Solution ArchitectCommented:
That is correct and i had already mentioned that :-P

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.