How to create password expiration for local users in Windows Server 2008?
Dear EE experts,
We would like to ask on How to create password expiration for local users in Windows Server 2008, using gpedit.msc or regedit.
We don't know where to edit it and set its password expiration, for local users only...
Thank you & hope to hear soon...
We would like to ask on How to create password expiration for local users in Windows Server 2008, using gpedit.msc or regedit.
We don't know where to edit it and set its password expiration, for local users only...
Thank you & hope to hear soon...
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
We need it for local users, not for domain users...
I remember when we checked the Password Policy, it's in Gray state, can't change the number of days for its expiration...
I remember when we checked the Password Policy, it's in Gray state, can't change the number of days for its expiration...
That would be because a Domain Policy is taking precedence. When you are logged in as one of these local users, at a command prompt, run gpresult /h gp.html and then look at gp.html. It should tell you which GPO is taking precedence.
ASKER
Hi there LockDown32,
Please see the attached file for the gp.html result...
I think it's taking precedence from our domain "stiebeleltronasia.com"
So what can be the solution in order for us to enable the changing of password max age, etc.?
gp.html
Please see the attached file for the gp.html result...
I think it's taking precedence from our domain "stiebeleltronasia.com"
So what can be the solution in order for us to enable the changing of password max age, etc.?
gp.html
ASKER
Additional to this, the reason why we want to enable this password max age is because we have a site, a local site only (Intranet), and we want local site users use this site, because we want to implement this Group Policy to those who are local users only, and not with the domain users...
Hi.
The gp.html shows that you are on a domain and that the domain password policy is active. So you cannot have different rules for local accounts unless you remove the computer from the domain, as simple as that.
The gp.html shows that you are on a domain and that the domain password policy is active. So you cannot have different rules for local accounts unless you remove the computer from the domain, as simple as that.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you for the idea McKnife & LockDown32, so the question now is, if we remove the sharepoint server from the domain (it will be in WORKGROUP group as usual), then will the setting for the Password Max Age be enabled or still disable?
And every domain users should login everytime they access the site?
And every domain users should login everytime they access the site?
If you remove it from the domain then you will be able to configure the password settings with gpedit.msc It will no longer be greyed out.
"And every domain users should login everytime they access the site". Couldn't tell you. Domain users will not be able to log in to it. Not sure about Sharepoint.
"And every domain users should login everytime they access the site". Couldn't tell you. Domain users will not be able to log in to it. Not sure about Sharepoint.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes McKnife, it's a SharePoint Server that resides on that win 2008 server... Removing from domain would be a bad idea?
@LockDown32, got your advise... But need to check what McKnife said about removing SharePoint server from the domain...
@LockDown32, got your advise... But need to check what McKnife said about removing SharePoint server from the domain...
I wouldn't think you would want to dis-join the domain simply because it is a 2008 server. Is the the Domain Controller?
If it we me I would just modify the existing Password Policy to meet your need. Exactly what is it you are trying to accomplish?
If it we me I would just modify the existing Password Policy to meet your need. Exactly what is it you are trying to accomplish?
Accessing sharepoint relies on its domain membership. Sharepoint authentication would break immediately.
ASKER
@LockDown32: you said from the 3 choices that gave earlier
>> 2) Change the domain policy to "Not Configured" so the local domain would take precedence (but this would remove it for domain users).<<
- if we set it to be "Not configured", it will free up taking precedence with local policy, right?
>> Exactly what is it you are trying to accomplish?<<
- what we are trying to accomplish here is to have the local users (Only), change their password at a certain days (For ex. 30 days). We need that to our SharePoint site that is open publicly.
@McKnife & LockDown32, you both said that removing the SharePoint server from the domain group isn't good, or it's a bad idea, why? It won't work as smooth as in a domain group?
If a user use Chrome or FireFox browser, it's asking for their UN & PW, will it be the same if we remove it from the domain group?
>> 2) Change the domain policy to "Not Configured" so the local domain would take precedence (but this would remove it for domain users).<<
- if we set it to be "Not configured", it will free up taking precedence with local policy, right?
>> Exactly what is it you are trying to accomplish?<<
- what we are trying to accomplish here is to have the local users (Only), change their password at a certain days (For ex. 30 days). We need that to our SharePoint site that is open publicly.
@McKnife & LockDown32, you both said that removing the SharePoint server from the domain group isn't good, or it's a bad idea, why? It won't work as smooth as in a domain group?
If a user use Chrome or FireFox browser, it's asking for their UN & PW, will it be the same if we remove it from the domain group?
Ok, wait. There's a solution after all. Use PSOs not GPOs for your password settings and you don't have to use the default domain policy. That will allow local accounts to have different settings.
Read the Microsoft documentation of password settings objects, then let's discuss questions.
Read the Microsoft documentation of password settings objects, then let's discuss questions.
ASKER
Thank you so much! Answered the main idea...
ASKER
oh! Can u still send it McKnife? I didn't noticed you replied...
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
For local users it would be done in GPEDIT. For Domain users it would be done in Group Policy Management.