Complex Password Policy
Is it possible to define a separate policy for staff and students?
Currently I have a complex policy configured on the default domain policy.
It has been brought up recently that the lower level students are struggling to log in due to remembering the complex passwords. Thoughts are to revert pupils to a 4-5digit number password, thus removing the complexity.
I have tried defining a separate policy for staff and students, however the top level domain policy seems to override.
Can anyone clarify if it is possible and how the top level/ lower level gp's should be configured?
Windows server 2008 R2 added a feature called "fine-grained password policy" which is what i think you are looking for. It does not look straight forward to implement and I have not personally tried to implement.
Thanks for that, actually a colleague of my mine found the same info this afternoon.
This will help enormously with the config: Specops Password Policy Basic
Free, though you have to fork over your email address. Specops aren't cowboys though, I get occasional marketing from them but that's it.
I second the Specops recommendation. The full version is very expensive, even for us, but the free version is pretty sufficient for all I've wanted to do. Brilliant piece of software for interfacing with the otherwise formidable AD DS FGPP.
The reason why your new polices don't apply is because you were only allowed one password policy until 2008 R2, if you did configure these settings they would only effect local account polices on workstation/servers
If you have 2012 Domain controllers you can create the password polices from the Active Directory Admin Center so no need for the Specops tool. (probably works with windows 8 rsat tools but i haven't tried it)
WHS, helps with the fine grained password setup, wasn't that hard.
Originally Posted by AngryTechnician
I did mine in adsi edit. Relatively straight forward. It works on group membership. So staff have their own and students have the default password policy for the domain.. I have a rely good article for it if you want it.