Configuring different password policies on Windows Server 2008 domains

Recently I found out that there was no way to implement different password policies on domains running on Windows Server 2003. It didnt sound right to me, why I cannot keep different password complexity, for example, in different OUs for different users?

You can actually link to separate OUs with different policies with different values on passwords options, but theyll be ignored by Default Domain Policy.

It seems that there’s a way to accomplish this (not an easy way, but anyhow) running domains with Windows Server 2008 and of course in the highest domain functional level.

The tools involved: GPMC (included with Windows Server 2008) and ADSI Edit.

Here’s the solution:

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part2.html

Cheers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s