Re: Password Policy & GPO Settings
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 07/21/04
- Next message: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Previous message: Javier Inglés [MS MVP]: "Re: Workstation info in AD"
- In reply to: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Next in thread: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Reply: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 21 Jul 2004 23:07:20 +0100
I was under the impression that you can link/ apply the GPO to either the
DDP or the DDCP???
However, what I was trying to say was that these changes are only
appropriate to DCs - as it's the DCs that do the authenticating. When the
clients then authenticate, these changes are in effect because they are
applied to the authentication method (the DCs); not to the actual computers.
:-)
-- Paul Williams _________________________________________ http://www.msresource.net Join us in our new forums! http://forums.msresource.net _________________________________________ "Javier Inglés [MS MVP]" <jjingles2000@NOSPAMhotmail.com> wrote in message news:%236Pgb22bEHA.2812@tk2msftngp13.phx.gbl... No, a password policy is for DOMAN, not for DomainControllers; you must specify your password policy in the domain security settings, not domain controller security settings ;-)) I have some domains in this mode and function very well :-)) -- Salu2!!! Javier Inglés, MS-MVP http://mvp.support.microsoft.com/default.aspx e-m@il:jingles@NOSPAMmvps.org <<<QUITAR "NOSPAM" PARA MANDAR MAIL>>> Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho "ptwilliams" <ptw2001@hotmail.com> escribió en el mensaje news:OCeEDu2bEHA.3144@TK2MSFTNGP09.phx.gbl... > I can't see how this is the case?!? As password policy is applied to Domain > Controllers not domain members. Therefore filtering doesn't come into it. > The password policy applies to the DCs as they perform the authentication. > The policy is nothing to do with users or computers, only how a DC handles > aspects of authentication. > > -- > > Paul Williams > _________________________________________ > http://www.msresource.net > > > Join us in our new forums! > http://forums.msresource.net > _________________________________________ > > > "Javier Inglés [MS MVP]" <jjingles2000@NOSPAMhotmail.com> wrote in message > news:OeySEo2bEHA.368@TK2MSFTNGP10.phx.gbl... > Hi, another possibility is use the security tab and deny the access to one > GPO, with this, some groups can have one domain password policy and other > groups can have another policy :-) > > -- > Salu2!!! > > Javier Inglés, MS-MVP > http://mvp.support.microsoft.com/default.aspx > > e-m@il:jingles@NOSPAMmvps.org > <<<QUITAR "NOSPAM" PARA MANDAR MAIL>>> > > Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no > otorga ningún derecho > > > "Paul Bergson" <pbergson@mnpower.com> escribió en el mensaje > news:eDGAYxzbEHA.2880@TK2MSFTNGP12.phx.gbl... > > Domain Account settings are all that apply for users. If you set policies > > up for users at an OU level it will be ignored. Local is a different > story > > but it only effects user authenticating to there local machine and has no > > effect on the domain. > > > > If you want to implement multiple password policies you can pick up a > third > > party product. We use Password Policy Enforcer but there are many > different > > ones available. Just search on password policy with your web search > engine. > > > > -- > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA > > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > > > > > > "Veets" <dddetrretsssadasy@hotnospmamail.com> wrote in message > > news:uGTIiqzbEHA.1644@tk2msftngp13.phx.gbl... > > > Hello, > > > We're running a Windows 2000 domain & I have a few questions about the > > > domain password policy settings. > > > I'm familiar with the GPO inheritance order -> Local -> Site -> Domain > > > GPO -> OU > > > I've read however, that you can only have 1 password policy setup for > your > > > domain which is defined at the default GPO (I read it in the following > > > article -> > > > > > > http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/enforce_strong_passwords.mspx) > > > > > > As far as I understand it, what this means is that even if you define a > > new > > > password policy on an OU, it will not work since the OU will 'pick up' > the > > > default GPO password settings? Is this correct? Also, will the default > GPO > > > settings override the 'Account Lockout Policy' & 'Event Log' options of > > the > > > new OU as well? > > > If I'm right, does this mean that I'll need to create a new domain to > get > > > around this problem? > > > I hope my questions are clear enough. > > > Any input is greatly appreciated. TIA > > > Best regards, > > > Veets > > > > > > > > > > > > > > >
- Next message: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Previous message: Javier Inglés [MS MVP]: "Re: Workstation info in AD"
- In reply to: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Next in thread: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Reply: Javier Inglés [MS MVP]: "Re: Password Policy & GPO Settings"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
