2003 GP/Password complexity questions
- From: "Scott Cooper" <imscoop22@xxxxxxxxx>
- Date: 7 Jul 2005 11:44:11 -0700
I have a new 2003 AD domain and am looking for some guidance with the
following:
1. In regard to password complexity being enabled by default, I've
poked around the newsgroups/docs and understand how to turn this off
but haven't actually done it and don't fully understand the
requirements. I've seen it stated that you must set the password
policy options to disable this in the "Default Domain Policy" and I've
also seen it stated that this merely needs to be done "at the domain
level" which leads me to think that you could create another GPO at the
domain level that will effectively loosen password complexity
restrictions w/o having to modify the Defualt...
Can someone tell me which is the case? if so, are there advantages to
doing it one way or the other?
2. I have a fairly small network and will only need to use a basic set
of GPO's to accomplish what I need. Namely, I will mainly be using GP
for account policies, audit policies, security settings, and maybe
software installation. I'm trying to decide the best strategy for
dividing up the policies...i.e. should I use one policy for
workstations and one for servers (since I do want to manage them
differently), each with the aforementioned settings? or would it be
best to use separate GPO's for both. In other words, is there a good
reason to have separate GPO's for separate functions...so for servers
I'd have an account policy object, an audit policy object, and do the
same for workstations (in this case 4 total)?
Sorry for the long post...thanks to anyone willing to give me some
guidance or ideas!
.
- Follow-Ups:
- Re: 2003 GP/Password complexity questions
- From: GeeB
- Re: 2003 GP/Password complexity questions
- Prev by Date: RE: Upgrading the Domain
- Next by Date: Re: AD Proxy
- Previous by thread: How can I get a background on all my client machines?
- Next by thread: Re: 2003 GP/Password complexity questions
- Index(es):
Relevant Pages
|
