Announcement

Collapse
No announcement yet.

Group Policy question

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy question

    At my company we are trying to implement automated password changes every 90 days without affecting the service accounts and domain administrator accounts. Our default group policy is enforced on all authenticated users so I took out the definitions in the default policy, created another GPO for just the password enforcement and pushed out to only the security groups I had previously placed users in based on their department (standard practice I assume). This new GPO failed and I had to manually reset passwords this morning.

    Can anyone give me some tips as to why this policy may have failed?

  • #2
    Re: Group Policy question

    Probably because a Password Policy is a computer setting and not a user setting.

    Why not just set "Password never expires" on the user accounts that you don't want to be affected by the password policy?

    Comment


    • #3
      Re: Group Policy question

      Originally posted by joeqwerty View Post
      Probably because a Password Policy is a computer setting and not a user setting.
      Yeah, I got that but it works when pushed out to all authenticated users. It only breaks when I change it to those security groups. I was kind of wondering why because I've just been kind of tossed into this AD role so I'm trying to learn as much about it as possible. This was going to be kind of my learning phase trying to move toward more OU based policies instead of one big default one.

      I actually thought about that "password never expires" check box. You just verified what I suspected but I was trying to avoid as much trial and error as possible. I wasn't willing to stake the flow of email, backups, websites, etc. on my hunch lol.

      Comment


      • #4
        Re: Group Policy question

        It works for Authenticated Users because the Authenticated Users group also contains all computer accounts.

        When you try to filter the policy based on a group that contains only users it breaks because the Password Policy is a computer setting, not a user setting.

        Comment


        • #5
          Re: Group Policy question

          Oh ok, that makes sense. Thanks! I didn't think about authenticated users containing computer accounts.

          Comment

          Working...
          X