Re: Password Policy
From: Stacy (Stacy_at_discussions.microsoft.com)
Date: 02/14/05
- Previous message: Bjorn Landemoo: "Re: Can I change the drive letter assigned to the boot partition?"
- In reply to: Danny Sanders: "Re: Password Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 14 Feb 2005 12:21:04 -0800
I understand all that. But I think you should have an option. You can have
resources reqire more complex password, where as a temp employee with limited
access, a less complex requirement.
"Danny Sanders" wrote:
> >> If I under stand this correctly, you can only set the password policy in
> >> the
> >> Defaul Domain Policy? That makes no sense.
>
>
> It makes sense if you look at it from the stand point of security. If there
> are resources on the domain sensitive enough to require "strong" passwords,
> setting up a group without "strong" passwords on the same domain amounts to
> the administrator creating a security hole.
>
> hth
> DDS W 2k MVP MCSE
>
> "Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
> news:edyuQXqEFHA.2876@TK2MSFTNGP12.phx.gbl...
> > Hi,
> >
> > Yes, you can only have one policy for entire domain.
> >
> > You can still set the policy on OU, but this policy will only influence
> > the local accounts on the computers that are in the OU (that policy
> > affects). This is true for Windows 2000 and Windows 2003 domain.
> >
> > Account and local policies
> > http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_SCEacctpols.asp
> >
> > If you need different password policies for different users inside domain,
> > you will have to create another domain (e.g. child domain) and move these
> > users to child domain.
> >
> > --
> > Mike
> > Microsoft MVP - Windows Security
> >
> > "Stacy" <Stacy@discussions.microsoft.com> wrote in message
> > news:5DB7E5F3-6C23-45B8-AA45-A371C6060ECE@microsoft.com...
> >> If I under stand this correctly, you can only set the password policy in
> >> the
> >> Defaul Domain Policy? That makes no sense. Why then the options under
> >> group
> >> policy.
> >>
> >> "Mike Brannigan [MSFT]" wrote:
> >>
> >>> "Stacy" <Stacy@discussions.microsoft.com> wrote in message
> >>> news:AB95A684-6558-4071-BE92-2745C6A38E4A@microsoft.com...
> >>> > Can someone tell me if the computer configuraration\windows
> >>> > setting\security
> >>> > settings\password policy in a group policy will be able to set
> >>> > password
> >>> > policy's for different users. We have different groups of users and
> >>> > would
> >>> > like to have different password requirements for each group.
> >>> > Can something like this be applied only at the default domain policy
> >>> > level.
> >>> > Thanks.
> >>>
> >>> There is only one password policy for the entire domain in Windows
> >>> Server
> >>> 2000/2003.
> >>>
> >>> --
> >>>
> >>> Regards,
> >>>
> >>> Mike
> >>> --
> >>> Mike Brannigan [Microsoft]
> >>>
> >>> This posting is provided "AS IS" with no warranties, and confers no
> >>> rights
> >>>
> >>> Please note I cannot respond to e-mailed questions, please use these
> >>> newsgroups
> >>>
> >>> "Stacy" <Stacy@discussions.microsoft.com> wrote in message
> >>> news:AB95A684-6558-4071-BE92-2745C6A38E4A@microsoft.com...
> >>> > Can someone tell me if the computer configuraration\windows
> >>> > setting\security
> >>> > settings\password policy in a group policy will be able to set
> >>> > password
> >>> > policy's for different users. We have different groups of users and
> >>> > would
> >>> > like to have different password requirements for each group.
> >>> > Can something like this be applied only at the default domain policy
> >>> > level.
> >>> > Thanks.
> >>>
> >>>
> >>>
> >
> >
>
>
>
- Previous message: Bjorn Landemoo: "Re: Can I change the drive letter assigned to the boot partition?"
- In reply to: Danny Sanders: "Re: Password Policy"
- Messages sorted by: [ date ] [ thread ]
