Re: Password Policy & GPO Settings

From: Veets (dddetrretsssadasy_at_hotnospmamail.com)
Date: 07/21/04 

Date: Wed, 21 Jul 2004 12:18:38 -0400

Thanks for replying Paul but I'm not exactly sure what you mean in your
first paragraph. Can you elaborate a little?
Best reagrds,
Veets

"Paul Bergson" <pbergson@mnpower.com> wrote in message
news:eDGAYxzbEHA.2880@TK2MSFTNGP12.phx.gbl...
> Domain Account settings are all that apply for users. If you set policies
> up for users at an OU level it will be ignored. Local is a different
story
> but it only effects user authenticating to there local machine and has no
> effect on the domain.
>
> If you want to implement multiple password policies you can pick up a
third
> party product. We use Password Policy Enforcer but there are many
different
> ones available. Just search on password policy with your web search
engine.
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
> "Veets" <dddetrretsssadasy@hotnospmamail.com> wrote in message
> news:uGTIiqzbEHA.1644@tk2msftngp13.phx.gbl...
> > Hello,
> > We're running a Windows 2000 domain & I have a few questions about the
> > domain password policy settings.
> > I'm familiar with the GPO inheritance order -> Local -> Site -> Domain
> > GPO -> OU
> > I've read however, that you can only have 1 password policy setup for
your
> > domain which is defined at the default GPO (I read it in the following
> > article ->
> >
>
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/enforce_strong_passwords.mspx)
> >
> > As far as I understand it, what this means is that even if you define a
> new
> > password policy on an OU, it will not work since the OU will 'pick up'
the
> > default GPO password settings? Is this correct? Also, will the default
GPO
> > settings override the 'Account Lockout Policy' & 'Event Log' options of
> the
> > new OU as well?
> > If I'm right, does this mean that I'll need to create a new domain to
get
> > around this problem?
> > I hope my questions are clear enough.
> > Any input is greatly appreciated. TIA
> > Best regards,
> > Veets
> >
> >
> >
>
>

Relevant Pages

  • Re: Password policy
    ... you password expires" on client desktops connected to a AD domain. ... occured if an end-user logged into a Windows 2003 Exchange OWA server. ... Domain Controller Security Settings" and "Default Domain Security Settings" ... > the password policy, and link it to domain controllers. ...
    (microsoft.public.win2000.security)
  • Re: applying group policy
    ... The settings are not applying. ... > Are you trying to implement password policy with this GPO? ... What i have tried is on the domain controler set up an ... >> organisational unit and added the names of the user and computer that i ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Policy & GPO Settings
    ... I was under the impression that you can link/ apply the GPO to either the ... applied to the authentication method; ... No, a password policy is for DOMAN, not for DomainControllers; ... specify your password policy in the domain security settings, ...
    (microsoft.public.win2000.active_directory)
  • Re: Password Expiration Settings
    ... Seems to me there's a Small Business Server Domain password policy, ... Have a look at the settings there. ... Les Connor [SBS Community Member] ...
    (microsoft.public.windows.server.sbs)
  • Re: Password policy question
    ... > We currently have a Windows 2003 and Novell 5 infrastructure. ... When I set a password policy on my Win2003 domain will it take ... > 60 days and the user accounts have never had to change before? ... > settings than the domain policy For example the default is change ...
    (microsoft.public.windows.server.active_directory)