Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

default domain policy in AD exemptions

Posted on 2016-09-01
3
Medium Priority
?
135 Views
Last Modified: 2016-10-03
1, Is it at all possible in an AD domain to exempt users from the default domain policy, which contains the password policy for all users. I am trying to prove for a compliance audit that all accounts in the domain are subject to this policy.

2, Also via the powershell AD cmdlets, is it possible to export the default domain policy settings?
0
Comment
Question by:pma111
3 Comments
 
LVL 31

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 41779680
1. Is it at all possible?  
If a user account has "Password not Required" or "Password not Expire" then those user accounts will effectively be 'exempted' from the domain policy in those regards.

Second possibility to use different password policies would be via Fine Grain Password policies...

2. I assume you mean in a human readable format?  Does Get-GPOReport export the GPO in a format you want?  (There's a more generic Get-GPO, which you could then spindle, fold, and mutilate and write in a specific format you wanted... )
0
 
LVL 24

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 500 total points
ID: 41779682
Hi,

Yes, it is possible. What you have to do is, go to gpmc.msc>>Select the Default domain Policy>Select 'Delegation' from right hand side>Click Add to add the appropriate users>Once added, Select the user>click Advanced>select the newly added user>In the 'Apply group policy' make it 'Deny'. So, when the user login next time, the default domain policy won't apply to this user.

In the same page, if you click Settings, you will get all the configured policies in this. Right click and save report as XML format.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 500 total points
ID: 41779688
You can filter group policy by scope (users, groups) or WMI filters (more powerful, more complicated)
gpo filters
Best to export from the GPO menu
GPO-report.jpg
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question