Re: 2003 Domain Password Policy with NT 4.0 Workstations

From: Rob Lowe (none)
Date: 02/11/04 

Date: Wed, 11 Feb 2004 14:24:17 -0600

Thanks for your prompt reply!

I don't want to apply a restrictive password policy to my users still
running Windows NT 4.0, so would the following scenario work?

1. Modify the Default Domain Policy and remove the Account
Policies/Password Policy settings.
2. Create a new GPO object and define the Account Policies/Password Policy
settings here.
3. Define security so that the GPO with defined Account Policies/Password
Policy settings is only processed by security group containing user accounts
that have been migrated to Windows XP.

If this scenario would work, should this GPO be linked before or after the
Default Domain Policy is processed?

Thanks!

"Derek Melber [MVP]" <derekm@braincore.net> wrote in message
news:eh0nEED8DHA.2676@TK2MSFTNGP10.phx.gbl...
> Yes it would, if they are authenticating to Active Directory. Remember,
> Account POlicies are not user or client computer based... they are DC
based.
> They modify the DC to allow or disallow certain passwords. It is a filter
on
> the DC that forces the rules. So, if a Windows NT Workstation is joined to
> the AD domain, it will adhere to the Account Policy that is in place on
the
> domain.
>
> --
> Derek Melber
>
> "Rob Lowe" <none> wrote in message
> news:OF4B69C8DHA.2028@TK2MSFTNGP10.phx.gbl...
> > My client is in the process of migrating from Windows NT 4.0 SP6 with
the
> > AD-aware client to Windows XP SP1.
> >
> > We would like to apply a more stringent password policy to the domain to
> > force periodic password changes, retaining password history and
requiring
> > complex passwords.
> >
> > The question is: Would application of this password policy to all
> > Authenticated Users in the domain apply to users logging on from a
Windows
> > NT Workstation? (I believe that they would not since GPO's should not
be
> > processed by Windows NT computers, but I'm just looking for validation).
> >
> > Cheers!
> > -Rob
> >
> >
>
>

Relevant Pages

  • Windows Shortcut Keys and "ALT+TAB" not working because of GPO
    ... We've got an issue with a machine policy which prohibits us of using Windows ... Deny access to this computer from the network Support_388945a0, ... Policy Setting ...
    (microsoft.public.de.german.windowsxp.gruppen.richtlinien)
  • Re: GP errors
    ... Then later shutdown second one and start the first one. ... machine (MTCCSAPROUTER) to the domain and those errors are not coming. ... The policy for which it is giving access denied error is the Default ... Windows cannot query for the list of Group Policy objects. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Important information about XP SP2 .ADM Files
    ... The Windows 2000 fix is available here: ... >> your attention to an important issue related to Group Policy. ... >> an important issue around the use of the .ADM files we ship with XP SP2. ...
    (microsoft.public.windows.group_policy)
  • Re: Server 2K3 Remote Desktop Access - is this right place?
    ... All roads for that particular error of 'You do not have access to logon to ... On Windows Server 2003, launch GPEDIT.MSC from Start -> Run. ... Drill down and expand the following for Local Computer Policy: ... > Strange - when I activate the Remote Desktop Terminal from the server, ...
    (microsoft.public.win2000.advanced_server)
  • Re: Important information about XP SP2 .ADM Files
    ... The Windows 2000 fix is available here: ... >> your attention to an important issue related to Group Policy. ... >> an important issue around the use of the .ADM files we ship with XP SP2. ...
    (microsoft.public.win2000.group_policy)