Windows Server 2012 Password Expiration GPO Not Applying


Creating a GPO on an OU will not work for what you're trying to do. GPOs pertaining to password policies can only be set at the domain level. However, in order to apply a policy to a subset of domain users, you need to use Fine-Grained Password Policies.

These can be applied at the group level, so you need to ensure all the users you wish to affect with this new policy are a member of the appropriate group.

To do this on a Windows 2012 domain, do the following from a DC:

  1. From the Start Screen type DSAC.EXE to start the Directory Service Administrative Center.
  2. Navigate to the System\Password Settings Container
  3. Right Click and select New or use New under the Tasks menu.
  4. Choose Password Settings
  5. Create a New Password policy either for a User or a group.
  6. Set its Precedence in case you have multiple policies created; the lower the number, the higher the priority.

It's fairly self-explanatory from there.
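
The same steps can be scripted with the ActiveDirectory PowerShell module, which also lets you confirm which policy a user actually ends up with. This is an added example, not part of the original answer; the PSO name, group name, test user and precedence value are assumptions, and the policy values are the ones listed in the question.

```powershell
# Added example. $psoName, $groupName, $testUser and the precedence are hypothetical.
# Run on a DC (or a host with RSAT) as a domain admin.
Import-Module ActiveDirectory

$psoName   = 'PSO-120DayExpiry'   # hypothetical Password Settings object name
$groupName = 'PwdPolicy-120Day'   # hypothetical global security group holding the users
$testUser  = 'jdoe'               # hypothetical member of that group

# Baseline: what the domain-level policy currently enforces for everyone.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordAge, MinPasswordLength, PasswordHistoryCount

# Steps 2-6: create the PSO with the values from the question (lower precedence wins).
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -MaxPasswordAge '120.00:00:00' -MinPasswordAge '1.00:00:00' `
        -MinPasswordLength 7 -PasswordHistoryCount 6 `
        -ComplexityEnabled $false -ReversibleEncryptionEnabled $false `
        -LockoutThreshold 20 -LockoutDuration '00:05:00' `
        -LockoutObservationWindow '00:05:00' `
        -ProtectedFromAccidentalDeletion $true
}

# Apply the PSO to the group, unless it is already a subject.
$subjects = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName
if ($subjects.Name -notcontains $groupName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName
}

# Verify: the resultant PSO for a user; $null means only the domain policy applies.
$effective = Get-ADUserResultantPasswordPolicy -Identity $testUser
if ($effective) {
    "PSO in effect for ${testUser}: $($effective.Name), max age $($effective.MaxPasswordAge)"
} else {
    "No PSO applies to ${testUser}; the domain-level policy is in effect."
}

# Verify: the expiry date the directory computes for that user.
$user = Get-ADUser -Identity $testUser -Properties 'msDS-UserPasswordExpiryTimeComputed'
$raw  = $user.'msDS-UserPasswordExpiryTimeComputed'
if ($raw -eq 0 -or $raw -eq [Int64]::MaxValue) {
    "${testUser}: no computed expiry (never expires, or must change at next logon)"
} else {
    "${testUser}: password expires $([datetime]::FromFileTime($raw))"
}
```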

Author: JeremyT

Updated on September 18, 2022

Comments

  • JeremyT over 1 year

    We have a single DC and are trying to enforce Password Policies to all of our computers. We're trying to change it from the default 42 day max password age to 120 or so. The policy appears to be set on our computers, however it's not actually working. Our users end up changing their password every 30 days or so, no matter what GPO says. We only have one GPO that is setting the password policies.

    When I do a net user username on a user that had to change their password today it shows they shouldn't have to change it again until 4/8/15 and said 3/something last month when they had to change their password.

    Any ideas as to why the 120 day password expiration is not working?

    Password Policy:

    Enforce password history: 6 passwords remembered
    Maximum password age: 120 days
    Minimum password age: 1 days
    Minimum password length: 7 characters
    Password must meet complexity requirements: Disabled
    Store passwords using reversible encryption: Disabled

    Account Lockout Policy:

    Account lockout duration: 5 minutes
    Account lockout threshold: 20 invalid logon attempts
    Reset account lockout counter after: 5 minutes

    • Kinnectus over 9 years
      Don't forget user password policies are set on the user portion of Group Policy and you have to attach the policy to an OU containing the users you want the policy to apply to... I accidentally tapped to submit. Sorry!
    • JeremyT over 9 years
      I'm not aware of any password policies under users. Only Computer/Policies/Windows/Security/Account/Password. This path does not exist on the user side of things. So does it have to be set at the OU level and not the DC level? I currently have it linked to our domain that has multiple OUs. (It's enabled and enforced, of course)
    • Kiquenet almost 8 years
      How can I get those values and modify them programmatically using C# and System.DirectoryServices.AccountManagement?
  • JeremyT almost 9 years
    You sir. You just made me giddy with excitement. I never knew this program ever existed. Thank you so much!