Apply New Password Policy via GPO Gradually
Clash Royale CLAN TAG#URR8PPP up vote
4
down vote
favorite
I want to make changes to the password policy in our domain (for example, include password complexity) but I want to apply it gradually, to some OU's or users group first. As far as I know the password enformcement are manage for the domain controllers, it is possible apply a different password policy for some users? Or the same seeting will be apply to all users when the DC's apply the GPO?
Regards,
Amedina
active-directory windows-server-2012-r2 group-policy password-policy
asked Aug 7 at 14:37
Alberto Medina
874
add a comment |Â
up vote
4
down vote
favorite
I want to make changes to the password policy in our domain (for example, include password complexity) but I want to apply it gradually, to some OU's or users group first. As far as I know the password enformcement are manage for the domain controllers, it is possible apply a different password policy for some users? Or the same seeting will be apply to all users when the DC's apply the GPO?
Regards,
Amedina
active-directory windows-server-2012-r2 group-policy password-policy
asked Aug 7 at 14:37
Alberto Medina
874
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55
add a comment |Â
up vote
4
down vote
favorite
up vote
4
down vote
favorite
I want to make changes to the password policy in our domain (for example, include password complexity) but I want to apply it gradually, to some OU's or users group first. As far as I know the password enformcement are manage for the domain controllers, it is possible apply a different password policy for some users? Or the same seeting will be apply to all users when the DC's apply the GPO?
Regards,
Amedina
active-directory windows-server-2012-r2 group-policy password-policy
asked Aug 7 at 14:37
Alberto Medina
874
I want to make changes to the password policy in our domain (for example, include password complexity) but I want to apply it gradually, to some OU's or users group first. As far as I know the password enformcement are manage for the domain controllers, it is possible apply a different password policy for some users? Or the same seeting will be apply to all users when the DC's apply the GPO?
Regards,
Amedina
active-directory windows-server-2012-r2 group-policy password-policy
asked Aug 7 at 14:37
Alberto Medina
874
asked Aug 7 at 14:37
Alberto Medina
874
asked Aug 7 at 14:37
Alberto Medina
874
asked Aug 7 at 14:37
Alberto Medina
874
874
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55
add a comment |Â
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
5
down vote
accepted
My first answer was utter nonsense, sorry. Here we go:
If you are on Windows 2008 or higher (as you should), you can use Fine-Grained Password Policies.
Using the "new" Active Directory Administrative Center you can set these quite easily.
The gist is:
- Navigate to -> System -> Password Settings Container
- Create a new password policy
- Set the users / groups to which it should be applied
answered Aug 7 at 14:42
Lenniey
1,7942717
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
accepted
My first answer was utter nonsense, sorry. Here we go:
If you are on Windows 2008 or higher (as you should), you can use Fine-Grained Password Policies.
Using the "new" Active Directory Administrative Center you can set these quite easily.
The gist is:
- Navigate to -> System -> Password Settings Container
- Create a new password policy
- Set the users / groups to which it should be applied
answered Aug 7 at 14:42
Lenniey
1,7942717
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
add a comment |Â
up vote
5
down vote
accepted
My first answer was utter nonsense, sorry. Here we go:
If you are on Windows 2008 or higher (as you should), you can use Fine-Grained Password Policies.
Using the "new" Active Directory Administrative Center you can set these quite easily.
The gist is:
- Navigate to -> System -> Password Settings Container
- Create a new password policy
- Set the users / groups to which it should be applied
answered Aug 7 at 14:42
Lenniey
1,7942717
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
add a comment |Â
up vote
5
down vote
accepted
up vote
5
down vote
accepted
My first answer was utter nonsense, sorry. Here we go:
If you are on Windows 2008 or higher (as you should), you can use Fine-Grained Password Policies.
Using the "new" Active Directory Administrative Center you can set these quite easily.
The gist is:
- Navigate to -> System -> Password Settings Container
- Create a new password policy
- Set the users / groups to which it should be applied
answered Aug 7 at 14:42
Lenniey
1,7942717
My first answer was utter nonsense, sorry. Here we go:
If you are on Windows 2008 or higher (as you should), you can use Fine-Grained Password Policies.
Using the "new" Active Directory Administrative Center you can set these quite easily.
The gist is:
- Navigate to -> System -> Password Settings Container
- Create a new password policy
- Set the users / groups to which it should be applied
answered Aug 7 at 14:42
Lenniey
1,7942717
edited Aug 7 at 15:32
answered Aug 7 at 14:42
Lenniey
1,7942717
answered Aug 7 at 14:42
Lenniey
1,7942717
answered Aug 7 at 14:42
Lenniey
1,7942717
1,7942717
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
add a comment |Â
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
man, this is exactly what I was looking for. Thanks.
– Alberto Medina
Aug 7 at 16:25
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f925304%2fapply-new-password-policy-via-gpo-gradually%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Remember that when you change the policy, new passwords will not be forced to follow the new policy until the old passwords expire.
– Clayton
Aug 7 at 15:55