Password Policy

  • Thread starter Thread starter Rick
  • Start date Start date
R

Rick

I am running 2003 AD, I want to setup a password policy for my users ,
but have a couple of questions

1) I want to create a password policy GPO and add groups(s) 2 or 3 at
a time (per management). Can I filter users included in this GPO by
unchecking "apply group policy" on Authenticated Users on the GPO and
check group(s) with "apply group policy" checked?

2) I have all my service accounts in one OU, If I set the "Password
never Expires" setting on these accounts, will that override the
password policy once it is set on these users/groups?

Thanks in advance

Rick
 
Rick said:
I am running 2003 AD, I want to setup a password policy for my users ,
but have a couple of questions

1) I want to create a password policy GPO and add groups(s) 2 or 3 at
a time (per management). Can I filter users included in this GPO by
unchecking "apply group policy" on Authenticated Users on the GPO and
check group(s) with "apply group policy" checked?
Click to expand...

No you can't.
2) I have all my service accounts in one OU, If I set the "Password
never Expires" setting on these accounts, will that override the
password policy once it is set on these users/groups?
Click to expand...

Yes this will override the password policy. But why would you exclude your
service accounts from it? Usually service accounts have far more rights than
a normal user account and should meet the password complexity.

HTH
Norbert
 
Thanks Norbert,
I don't want my passwords on my service account to have passwords that
expire.

Rick.
 
Rick wrote:
Hi,
I don't want my passwords on my service account to have passwords that
expire.
Click to expand...

OK. You can set this but you should change your service account password
nevertheless. ;)

Bye
Norbert
 
Hello Rick,

The only way to progressively roll out a password policy in a Windows
domain is with a third-party password filter that can assign policies
to groups and/or OUs. Setting the "Password Never Expires" option
doesn't remove the password complexity requirements for users, but it
will stop the passwords from expiring, so it may be a suitable solution
for you.

Our company sells a configurable password filter that allows you to
enforce multiple policies and assign them to users, groups, and OUs.
You can find more information at:
http://www.anixis.com/products/ppe/features.htm
 
Back
Top