Change windows 2008 password policies

Unfortunately, there is no option for you to edit or change the default domain policy. The only way to change your password policy is to create a new domain policy to overwrite the default domain policy.

Strong passwords that are changed regularly reduce the likelihood of a successful password attack. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain.

In Windows Server and Windows Server Active Directory domains, only one password policy and account lockout policy could be applied to all users in the domain. Fine-grained password policies apply only to user objects or inetOrgPerson objects if they are used instead of user objects and global security groups. To apply a fine-grained password policy to users of an OU, you can use a shadow group. A shadow group is a global security group that is logically mapped to an OU to enforce a fine-grained password policy.

You add users of the OU as members of the newly created shadow group and then apply the fine-grained password policy to this shadow group. You can create additional shadow groups for other OUs as needed. MartW MartW 1, 10 10 silver badges 15 15 bronze badges. OS can't find gpmc. Guess I need to do some research on Active Directory. Thanks for the lead, though. Sign up or log in Sign up using Google. Sign up using Facebook.

Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Stack Gives Back Safety in numbers: crowdsourcing data on nefarious IP addresses. Contents Exit focus mode. Note Some security policy settings require that the computer be restarted before the setting takes effect. Note If this security policy has not yet been defined, select the Define these policy settings check box.

Important Always test a newly created policy in a test organizational unit before you apply it to your network. In this article.