Wednesday, April 25, 2012

Changing Password Policy on a Windows 2008 R2 Domain Controller

I recently set up a domain controller in a virtual machine and installed all of my applications into it (including SharePoint 2010).

Of course, when using a Domain Controller several of the SharePoint Services utilize a domain account to run the services.  As you can probably guess, as soon as the password changes for the domain account, I will either have to CHANGE all of the passwords for the various SharePoint Windows Services, or more simply, CHANGE the Password Policy on the Domain Controller.

  1. At the Run Command, type gpmc.msc
  2. Once the Group Policy Management Console opens, expand the Domains folder to reveal your domain
  3. Expand your domain until you see the Group Policy Objects folder
  4. Expand the Group Policy Objects folder to reveal the Default Domain Policy
  5. In the right hand pane, click on the Settings tab
  6. Expand Windows Settings-->Security Settings-->Account Policies/Password Policy
  7. Once the Password Policy settings are revealed, right click in the area and select Edit
  8. Once the Group Policy Management Editor opens, beneath Computer Configuration, expand Policies-->Windows Settings-->Security Settings-->Account Policies
  9. Click to highlight Password Policy
  10. You should now see the various password policies in the right hand pane
  11. You can now change the various settings to whatever values you choose.  If you wish to remove the most common password annoyances, you can set the following to 0
    1. Enforce password history
    2. Maximum password age
    3. Minimum password age
  12. That is it!!  You should no longer have to change the password on your user accounts even when the "Password never expires" setting is not set on your individual users in Active Directory!!

No comments:

Post a Comment