Re: password complexity
From: Marin Marinov (mlmarinov_at_askme.ca)
Date: 04/25/04
- Next message: Eric Fleischman [MSFT]: "Re: userpassword - ADAM"
- Previous message: Simon Geary: "Re: Forest issues & Shared services- Migrating out of NT4...?"
- In reply to: Derek Melber [MVP]: "Re: password complexity"
- Next in thread: Marin Marinov: "Re: password complexity"
Date: Sun, 25 Apr 2004 09:17:58 -0400
<snip>
Ooook, now you really got me confused, Derek, and the "worst" part is
you're right ;) From my tests it appeared that the only Password policy
option available for change is Minimum password length and it's indeed
set to 7. And, of course, when I disable it in the domain-linked GPO the
local takes precedence. The question is: why? All other options are
disabled, plus I haven't seen a single document that didn't state that:
"For domain accounts, there can be only one account policy. The account
policy must be defined in the Default Domain policy and is enforced by
the domain controllers that make up the domain. A domain controller
always obtains the account policy from the Default Domain Policy Group
Policy object, even if there is a different account policy applied to
the organizational unit that contains the domain controller"
So, I'm extremely curious to know the reasoning behind this (and I'm
sure Microsoft have solid arguments). It's really interesting to test
the behaviour on several DCs (which reminds me to set up another VM ;)).
Please post if you have the chance to experiment with this, Derek.
--
Cheers,
Marin Marinov
MCT, MCSE 2003, MCSE:Security 2003
This posting is provided "AS IS" with no warranties, and confers no rights.