Solved

Password Policies outside of GPO

Posted on 2016-08-30
7
43 Views
Last Modified: 2016-08-30
I know normally GPOs are used to manage default password policies but there is another way which for the life of me I cannot recall but a former engineer had used. I am trying to locate those settings.  I remember it was "simple" when you knew where to look but I just cannot remember and searches always take me to GPO-related solutions.  

Does anyone know where these settings are?  They are domain-wide I believe.
0
Comment
Question by:sysengny
  • 3
  • 3
7 Comments
 
LVL 26

Accepted Solution

by:
pony10us earned 250 total points
ID: 41776748
Are you referring to fine grain policy available from server 2008 and above using ADSIEdit?
1
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41776789
Aside from ADSIEdit, it *is* possible to set password policy for the domain without a GPO in ADSIEdit by opening the default naming context, expanding it so the domain root folder shows, right click, select properties. All of the password settings applied by a Group Policy that is linked to the domain will show there. You can modify them directly there, just note that any changes you make will be overwritten by group policy either immediately or after a very short period of time unless you make sure there are no GPOs that set group policy linked directly to the domain.
1
 

Author Comment

by:sysengny
ID: 41776912
This was not in ADSIEdit. I am kicking myself for not writing it down last time I saw it.  There is an area where once sets password policies like length, etc.  for a domain. It was outside of the GPO interface but I cant recall the interface I had used.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 26

Expert Comment

by:pony10us
ID: 41776954
is it possible you are thinking of Active Directory Users and Computers (ADUC)?

Open ADUC
Right click the domain
Select the Attribute Editor tab
Locate and double click the attribute you want to change

If you have permissions (domain admin?) you can change it here however if there is a GPO then it will change it back as Adam stated.
1
 

Author Comment

by:sysengny
ID: 41777023
It was ADSI edit.  The former engineer was playing with PSO's

https://technet.microsoft.com/en-us/library/cc754461(v=ws.10).aspx
0
 

Author Closing Comment

by:sysengny
ID: 41777047
It was a PSO vs GPO.  I could not recall what interface I had used last time to find this (ADSI).  thanks!
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41777065
Glad to help.  We use ADSIEdit to create a fine grained policy on domain admins that is stronger than for regular users.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now