Re: Turning on Password Policy
From: Tyler (Tyler_at_discussions.microsoft.com)
Date: 02/10/05
- Next message: Freelancer: "Re: DCPromo"
- Previous message: Andrei Ungureanu: "Re: Only allow authenticated domain users Internet access?"
- In reply to: ptwilliams: "Re: Turning on Password Policy"
- Next in thread: ptwilliams: "Re: Turning on Password Policy"
- Reply: ptwilliams: "Re: Turning on Password Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 04:37:02 -0800
Paul,
I currently do not have a password expiration set so I will just mark X
number of accounts each to to change password at next logon. Thanks
Tyler
"ptwilliams" wrote:
> The policy will not come into affect immediately. If you configure it now,
> users will not need to meet these requirements until their current passwords
> expire, so it should be staggered anyway.
>
> A point I must clarify here though is that password policy can *only* be
> applied at the domain level and is domain-wide. If you apply it at the OU
> level, it will only apply to local accounts on computers within that OU.
>
> The following article might better explain this:
> -- http://www.msresource.net/content/view/36/46/
>
>
> If you currently have no expiration set, then you might want to select a
> couple of users each day and set the user must change password at next logon
> option. If you have many users, you can script this and run the script
> against a small subset of users every couple of days.
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Tyler" <Tyler@discussions.microsoft.com> wrote in message
> news:306D0786-1B55-4A3F-9FD1-F6AF45D9D960@microsoft.com...
> This is for the default domain policy as I want all my users to have the
> same
> password policy.
>
> Tyler
>
> "M3John" wrote:
>
> > Is this for LOCAL security policy or default domain policy?
> >
> > eitherway..unless a certain user is within a certain OU, the policy WON'T
> > take effect until that particular user has been added to that OU.
> > (I.e. -
> > if you default location for all users are "users," then create another OU
> > called "migrated users" so that the policy only takes effect for users in
> > this OU. Then you can add the 20 users you want and the policy would only
> > effect them.)
> >
> > Just a thought. Good luck.
> >
> > "Tyler" wrote:
> >
> > > Currently my company does not have a password policy (no complexity, no
> > > expiration, no lockout etc) We are going to implement the following
> > > policy.
> > > We have about 100 users.
> > >
> > > 8 characters log
> > > windows remembers the last 5
> > > lockout after 5 failed attempts
> > > reset lockout count after 30 minutes
> > > must use 3 of the standard 4 character sets
> > > passwords expire every 180 days
> > >
> > > When I turn on the policy I don't want to have all my users to have to
> > > change their password at the same time. If I select 20 users at a time
> > > and
> > > turn on "User much change password at next logon" can I stagger the
> > > enforcement? If this will not work is there another way?
> > >
> > > Thanks.
>
>
>
- Next message: Freelancer: "Re: DCPromo"
- Previous message: Andrei Ungureanu: "Re: Only allow authenticated domain users Internet access?"
- In reply to: ptwilliams: "Re: Turning on Password Policy"
- Next in thread: ptwilliams: "Re: Turning on Password Policy"
- Reply: ptwilliams: "Re: Turning on Password Policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
