none
Domain Group Policy Object for Password Policy

    Question

  • I am using a GPO on Windows 2008 R2 server to set password polices for specific users.

    However, when I run gpresult /view to see the policies applied, the password policy says filtering not applied.

    How can I set the password policy for specific users using Group polices ?

    Monday, September 28, 2015 3:27 AM

Answers

All replies

  • Hi

     You could configure fine-grained password policies for specific users&groups,

    Check detailed information about,

    https://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by thinkislnds Wednesday, September 30, 2015 2:58 PM
    Monday, September 28, 2015 6:13 AM
  • Fine grained policies is you way to achieve this task. Please read article here

    https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx

    M.

    • Marked as answer by thinkislnds Wednesday, September 30, 2015 2:59 PM
    Monday, September 28, 2015 6:16 AM
  • Is there any other simpler way to accomplish this ? If I decide to give every one the same password policy then can I just use GPO?
    • Marked as answer by thinkislnds Wednesday, September 30, 2015 2:59 PM
    • Unmarked as answer by thinkislnds Wednesday, September 30, 2015 2:59 PM
    Monday, September 28, 2015 12:47 PM
  • hi,

    if you want to set password polices for specific users, the only supported way is to configure fine-grained password policies which can apply different restrictions for password and account lockout policies to different sets of users in a domain. Not sure if there is the 3rd party tool to make it simpler or not.

    Details is in AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

    https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

    and if you want to apply password policy to everyone, you can set up it in GPO based on the Default Domain Policy

    1. Open computer configurationàclick windows settingsàclick security settingsàdouble-click Account Policies, and then click Password Policy.
    2. Double-click the item in the Policy list that you want to change, change the setting, and then click OK.

    Detail information is in below

    Account Policy Settings: https://technet.microsoft.com/en-us/library/cc757692(v=ws.10).aspx

    Change password policy settings : http://windows.microsoft.com/en-us/windows/change-password-policy-settings#1TC=windows-7

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by thinkislnds Wednesday, September 30, 2015 2:59 PM
    Wednesday, September 30, 2015 7:40 AM
    Moderator
  • If I decide to apply password policy to everyone, by setting it up it in the GPO based on the Default Domain Policy, will the users account properties override the GPO?

    For example, if the GPO has the max password age set to 30 days yet a users account properties in AD has password never expires set, which will be in effect?

    Wednesday, September 30, 2015 2:58 PM
  • Hi

      if the GPO has the max password age set to 30 days yet a users account properties in AD has password never expires set, which will be in effect?>>>> The user properties uses,password never expires be effective.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, September 30, 2015 3:18 PM