Re: AD User Password Policies
- From: "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 23:18:10 +0200
"schmeckendeugler" <schmeckendeugler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7630A718-C9DF-4952-8C02-F9742427261C@xxxxxxxxxxxxxxxx
Greetings.
I have questions RE applying Password Policies. I have an AD running on 2 2k+3 DC's. First:
-I notice that a group policy to control user passwords is actually a
machine policy. What would be the best OU to apply this to? I have separate
OU's for users and machines.
-I want users to reset passwords every 30 days, but the annoying pop-up comes TWO WEEKS before they are required to change their password. Is this time limit hackable?
Hello Schmeckendeugler,
if you change the password policies at any other level than the domain level it applies only to the local accounts of the computers where the policy applies to.
If you want password policies to apply to domain users you need to set them in a policy which applies to the domain object (or the Default Domain Policy).
The time limit is a policy as well, which applies to the computer objects. Look in Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options for Interactive Logon: Prompt user to change password before expiration.
-- Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
.
- Follow-Ups:
- Re: AD User Password Policies
- From: schmeckendeugler
- Re: AD User Password Policies
- References:
- AD User Password Policies
- From: schmeckendeugler
- AD User Password Policies
- Prev by Date: Win2K - Win2K3
- Next by Date: Re: Win2K - Win2K3
- Previous by thread: AD User Password Policies
- Next by thread: Re: AD User Password Policies
- Index(es):
Relevant Pages
|
