Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

default domain policy in AD exemptions

Posted on 2016-09-01
3
Medium Priority
?
125 Views
Last Modified: 2016-10-03
1, Is it at all possible in an AD domain to exempt users from the default domain policy, which contains the password policy for all users. I am trying to prove for a compliance audit that all accounts in the domain are subject to this policy.

2, Also via the powershell AD cmdlets, is it possible to export the default domain policy settings?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 41779680
1. Is it at all possible?  
If a user account has "Password not Required" or "Password not Expire" then those user accounts will effectively be 'exempted' from the domain policy in those regards.

Second possibility to use different password policies would be via Fine Grain Password policies...

2. I assume you mean in a human readable format?  Does Get-GPOReport export the GPO in a format you want?  (There's a more generic Get-GPO, which you could then spindle, fold, and mutilate and write in a specific format you wanted... )
0
 
LVL 23

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 500 total points
ID: 41779682
Hi,

Yes, it is possible. What you have to do is, go to gpmc.msc>>Select the Default domain Policy>Select 'Delegation' from right hand side>Click Add to add the appropriate users>Once added, Select the user>click Advanced>select the newly added user>In the 'Apply group policy' make it 'Deny'. So, when the user login next time, the default domain policy won't apply to this user.

In the same page, if you click Settings, you will get all the configured policies in this. Right click and save report as XML format.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 500 total points
ID: 41779688
You can filter group policy by scope (users, groups) or WMI filters (more powerful, more complicated)
gpo filters
Best to export from the GPO menu
GPO-report.jpg
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question