Saturday, January 19, 2013 4:32 PM
I have a 2012 server that is only accessible from within the building, it can not be accessed through the net via user log ins or remote desktop etc.
I want to change the password policy, on it so that I don;t have to change the admin or user passwords every 42 days, and I also don;t want it to remember password history for 24 password changes.
I am logged in to the server as Administrator
I went in to local security settings and found the policy, double clicked on the items to change and the change options were greyed out.
I thought maybe I need to run it as Administrator, so I ran the Local Security as Administrator, and still as i navigated to the options when double clicking on them they were greyed out.
Where do I need to go to change these two settings? I want to set the days to change to 0 for no requirement to change and the password history
Saturday, January 19, 2013 8:26 PMIs this a domain joined server or is it in its own workgroup?
Saturday, January 19, 2013 8:56 PM
This is a Domain Server, it is the PDC, as there is only 1 server in the network
Tuesday, January 22, 2013 6:17 AMModerator
As far as I know, each domain could only have one password policy defined in default domain policy.
If you want to set other kind of password settings to some users, we could use Fine-Grained Password:
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
In windows 2012, we could use ADAC to manage FGPP more efficiently,
TechNet Community Support
Tuesday, January 22, 2013 3:07 PM
Hi sorry, I don;t think it is as anything as complicated as that, I don't think I have explained myself.
Ok. I have 1 server 2012, that is it. There is absolutely nothing joined to the server. (no PC's etc)
The server is a domain controller, and it is also a PDC
The main purpose of the server is an internal file server
There are 3 user accounts
The Workgroup PC's connect to the server through the shared folders and enter their usernames and passwords upon connecting to the \\server (from their desktop workgroup PC)
When I last remote desktop'd in as Administrator I was asked to change my password
The current password policy (default) on Server 2012 is;
Change Password ever 42 days
Remember last 24 passwords used
Must use upper/lower and numbers
I want to change this password policy on this 1 and only server (as there is nothing else in the domain, there is nothing to be affected by it)
I ran from the Server Tasks, Local Security and I found the policy in there detailing the 42 days and 24 history. I double clicked on each one to bring up the properties, and the box to change the number was greyed out, so I couldn't change it.
I want to change the password policy to;
Change Password every 0 days (so it never forces a password change)
Remember last 0 passwords
I know this is not an ideal situation, but nothing outside of my network can access this, and there is a specific reason I want to make these changes to this server - (So please don;t tell me about the security risks of not enforcing password changes, I am aware of those.... if I know how to make the change in the first place I can then revise the policies at a later date - when the Desktop PC's are joined to the domain)
So how do I change the Password Policy on Server 2012 - is it a different menu? is it under Group Policies? etc
Tuesday, January 22, 2013 3:09 PM
Ooooh just as a final point, I don;t want different policies for different users. I just want one policy of
Password change 0 days
Password remember 0 history
I want this for the Administrator and the only 3 users on this server (the only server in the network and the only computer on the domain)
Tuesday, January 22, 2013 11:53 PM
There is no Local policy on a domain controller, just as there is not non-domain administrator on a domain controller. It's the heart of the security system, so it doesn't make sense to set up 'back doors' that could be more easily exploited.
In Server Manager, select the Local Server. Click Tools in the menu bar. Select Group Policy Management. Expand the tree until you see your domain.
Right-click on the domain and select Create a new policy and link it here. Give it whatever name you want. Right-click on the newly created policy and select Edit.
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy. Make whatever changes you want.
Thursday, January 24, 2013 4:11 AM
On the same line, just edit the default domain controller policy to reflect the changes you want in
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy