Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 95
  • Last Modified:

Password Policies outside of GPO

I know normally GPOs are used to manage default password policies but there is another way which for the life of me I cannot recall but a former engineer had used. I am trying to locate those settings.  I remember it was "simple" when you knew where to look but I just cannot remember and searches always take me to GPO-related solutions.  

Does anyone know where these settings are?  They are domain-wide I believe.
0
sysengny
Asked:
sysengny
  • 3
  • 3
2 Solutions
 
pony10usCommented:
Are you referring to fine grain policy available from server 2008 and above using ADSIEdit?
1
 
Adam BrownSr Solutions ArchitectCommented:
Aside from ADSIEdit, it *is* possible to set password policy for the domain without a GPO in ADSIEdit by opening the default naming context, expanding it so the domain root folder shows, right click, select properties. All of the password settings applied by a Group Policy that is linked to the domain will show there. You can modify them directly there, just note that any changes you make will be overwritten by group policy either immediately or after a very short period of time unless you make sure there are no GPOs that set group policy linked directly to the domain.
1
 
sysengnyAuthor Commented:
This was not in ADSIEdit. I am kicking myself for not writing it down last time I saw it.  There is an area where once sets password policies like length, etc.  for a domain. It was outside of the GPO interface but I cant recall the interface I had used.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
pony10usCommented:
is it possible you are thinking of Active Directory Users and Computers (ADUC)?

Open ADUC
Right click the domain
Select the Attribute Editor tab
Locate and double click the attribute you want to change

If you have permissions (domain admin?) you can change it here however if there is a GPO then it will change it back as Adam stated.
1
 
sysengnyAuthor Commented:
It was ADSI edit.  The former engineer was playing with PSO's

https://technet.microsoft.com/en-us/library/cc754461(v=ws.10).aspx
0
 
sysengnyAuthor Commented:
It was a PSO vs GPO.  I could not recall what interface I had used last time to find this (ADSI).  thanks!
0
 
pony10usCommented:
Glad to help.  We use ADSIEdit to create a fine grained policy on domain admins that is stronger than for regular users.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now