Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Password Policies outside of GPO

Posted on 2016-08-30
7
Medium Priority
?
85 Views
Last Modified: 2016-08-30
I know normally GPOs are used to manage default password policies but there is another way which for the life of me I cannot recall but a former engineer had used. I am trying to locate those settings.  I remember it was "simple" when you knew where to look but I just cannot remember and searches always take me to GPO-related solutions.  

Does anyone know where these settings are?  They are domain-wide I believe.
0
Comment
Question by:sysengny
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 26

Accepted Solution

by:
pony10us earned 1000 total points
ID: 41776748
Are you referring to fine grain policy available from server 2008 and above using ADSIEdit?
1
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 41776789
Aside from ADSIEdit, it *is* possible to set password policy for the domain without a GPO in ADSIEdit by opening the default naming context, expanding it so the domain root folder shows, right click, select properties. All of the password settings applied by a Group Policy that is linked to the domain will show there. You can modify them directly there, just note that any changes you make will be overwritten by group policy either immediately or after a very short period of time unless you make sure there are no GPOs that set group policy linked directly to the domain.
1
 

Author Comment

by:sysengny
ID: 41776912
This was not in ADSIEdit. I am kicking myself for not writing it down last time I saw it.  There is an area where once sets password policies like length, etc.  for a domain. It was outside of the GPO interface but I cant recall the interface I had used.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 26

Expert Comment

by:pony10us
ID: 41776954
is it possible you are thinking of Active Directory Users and Computers (ADUC)?

Open ADUC
Right click the domain
Select the Attribute Editor tab
Locate and double click the attribute you want to change

If you have permissions (domain admin?) you can change it here however if there is a GPO then it will change it back as Adam stated.
1
 

Author Comment

by:sysengny
ID: 41777023
It was ADSI edit.  The former engineer was playing with PSO's

https://technet.microsoft.com/en-us/library/cc754461(v=ws.10).aspx
0
 

Author Closing Comment

by:sysengny
ID: 41777047
It was a PSO vs GPO.  I could not recall what interface I had used last time to find this (ADSI).  thanks!
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41777065
Glad to help.  We use ADSIEdit to create a fine grained policy on domain admins that is stronger than for regular users.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question