Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

GPO Question

Status
Not open for further replies.
bray1

bray1

Technical User
Dec 5, 2003
11
0
0
US
Need to setup a new GPO for a password policy in a 2000 domain and its not working. The reason I think its not working is because im tring to force this gpo on a group I created with specific users in it. Is this the reason I am having problems? If it isn't possible to apply this gpo password policy on a specific group then how would I go about forcing a password policy on 90% of my domain users and not forcing this policy on a select few.

One possible thing that comes to mind is in the users properties in AD checking the box for the password never expires but not sure if that will override the gpo. Thanks in advance.
 
Sort by date Sort by votes
Password policies need to be applied to the domain. There cannot be several password policies defined in the same domain.

I seem to remember doing this a while back in a lab, but heard much protest from many people saying it wasn't possible...

Hope This Helps,

Good Luck!
 
Upvote 0 Downvote
Not really looking for more then 1 password policy. I just want a few logins not to be subject to the policy. Any ideas?
 
Upvote 0 Downvote
What happens if you go into the Advanced Security in the policy, and DENY Apply Group Policy for this exception group of users?
 
Upvote 0 Downvote
As of right now I created this policy went in added a group to the security and checked the apply group policy and it didn't do anything. To test it I change my password and it doesn't complain about a password that is against the rules.

Basically I went in created the policy edited it to what I wanted then moved it up in the list and put no overrides from the default policy after applying the group policy to the group of users I want effected by it. So if this group isn't being effected by this then if I create a seperate group of the users I don't want effected I think it would just ignore those accounts as well.

If I knew for certaing that I could apply this to all authenticated users and then in the users properties in AD check the password never expires I would just go that route but not sure if the GPO would override that check box.
 
Upvote 0 Downvote
No, the GPO will not override the explicit setting in AD of "Password Never Expires".

Hope This Helps,

Good Luck!
 
Upvote 0 Downvote
I'm almost certain that password policy can only be set at the domain level and it affects all domain objects.

I think you could create a policy on an OU that would affect local accounts but it will not affect domain users.
 
Upvote 0 Downvote
I found the way to get around this. I can check the password never expires in the users properties and the policy will not force them to change. Thanks for your help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
83
technome
technome
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
66
RRankin355
RRankin355
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
65
on3mansh0w
on3mansh0w
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
74
tacohunter
tacohunter
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
66
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top