Re: How to over-ride domain group policy for password length, complexity, etc

You can not override domain account policy because it is applied to Domain Controllers and the default domain partition. This impacts all users.

You can set it so certain users don't need passwords by flagging those accounts in particular with password not required. You can't do this from the GUI you will need to script it or otherwise modify the AD useraccountcontrol attribute for the user's directly. See

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/ads_user_flag_enum.asp 


for the proper values.

Having said that, having accounts without passwords is almost always an insanely bad idea.


  joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Eric W. Holzapfel wrote: 
Hello AD Experts,

I have a new installation of W2K3, I want to be able to override the password policy set for the domain (the default out-of-the-box policy) for passwords. I want a certain group of users to not have to have a password to log in to the server. I have a OU for these users, and a group policy defined, and a group. But the Policy will not override the domain security policy. I would like to not change the default domain security policy for the passwords (if this is indeed possible).

I thought that the hierarchy of policy application is the policy at the OU level wins? Is there a way I can do this???

Thanks,

eric 
.

Relevant Pages

  • Re: Local setting vs. Effective setting w/ GP??
    ... Password policies do not override local policies. ... >>> local policy affects local account meanwhile domain policy affects domain>> accounts. ...
    (microsoft.public.win2000.active_directory)
  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.security)
  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.win2000.security)
  • Re: Locking down database accounts
    ... Personally it sounds to me that your company has established a policy and is ... But bottom line if you have to use SQL Server logins and passwords, ... Whether it's an encrypted flat file or an encrypted XML file, ...
    (microsoft.public.sqlserver.security)
  • RE: policy-based password cracker
    ... that required at least one upper, one lower and one number in all passwords. ... password checks can be eliminated due to the policy. ... Since the vast majority of the time for a brute-force attack is ... most brute-force attacks are very fast. ...
    (Pen-Test)
Loading