Password Violations

PROBLEM: There is no way of setting password policy on individual user accounts in bulk based on a resource group as can be done for password resets.

Here's the ISSUE:

1. I auto import all servers ( say 100 servers ) in the domain ( each server has admin1, admin2 and guest accounts )
2. The servers are automatically assigned to a dynamic criteria based Resource Group that includes user account = admin2 as one of the criteria
3. Password Policy is set to password < 30 days and 4-20 chrs with special characters, numbers etc. on the Resource Group
    A report on compliance shows 300 passwords in violation of the password policy and 300 passwords will show as expired after 30 days
4. I set a password reset schedule on the Resource Group and trigger it - 100 passwords ( for admin2 ) are reset
    A report on compliance shows 200 passwords in violation of the password policy and 200 passwords will show as expired after 30 days
5. I create a criteria based Resource Group to set password policy in bulk where user account = admin1 and set the password policy to 1-20 length no special chrs and 0 days expiry
    A report on compliance shows 0 passwords in violation of the password policy and 0 passwords will show as expired after 30 days

BUT now the password policy for all user accounts is 1-20 length no special chrs and 0 days expiry so my report is useless.  I WANT the password policy on admin2 to be a secure one and admin1 and guest the insecure one so they do not show up in the reports.

I DO NOT ( and in fact can't but that's another issue ) want to reset all of the local accounts on every server.  The Resource Group described in 2. above gives me that ability BUT...

I CANNOT find a way of setting the password policy on admin1 and guest to the insecure password policy and on admin2 to the secure password policy so the compliance report shows no violations and at the next reset the admin2 passwords are reset to secure values and if any fail the compliance report will show me which passwords are > 30 days and need remediation.

So either I have a report showing 200 violations or 0 violations where all accounts use insecure passwords.

Lee

 
https://clan8blog.wordpress.com/
