Password Complexity bypass on specific user group (server 2008)


  • Hello everyone

    IT support member for the red cross in Luxembourg, we have a problem here.

    Today our management asked us to renforce the security about password policy and active the complexity rule which was not the case before today.

    we have different users groups, normal users, admin users and service users.

    we had issues with services users accounts because they had the option "never expires" and "user can't change password"

    so we tought that everything would be ok,

    the problem is that those accounts have been affected by the complexity rule changed.... and lots of application and services went down

    i hope this part is clear enough, other users chanegd their password when they were asked to do so, no problem for them just for the service accounts....

    apparently the complexicity rule override the 2 others....

    what solution does exist to apply the complexicty to everyone but the service accounts

    we already tried to set this complexicity rule into a specific group and normal password rule for another group for the services accounts, but as the password complexicty policy is set (server 2008) from the top of our unique domain it goes anyway to all users/groups

    we have been told about filter password ? but its more a users / groups / OU thqt we would filter ... not the password itself

    if you need more info... please dont hesitate to ask me

    kind regards

    Tuesday, February 03, 2015 1:45 PM