> want to tread carefully as they are reportedly paying these guys upward of a million pounds
All the more reason to raise the issue with your clients if you want to maintain credibility. What ended up called FGPP in 2008 was one of the top features requested in AD since its inception and the topic has been thrashed to death. Anyone architecting AD DS who doesn't understand the fundamental elements of password policy has no business selling their services at that level. If I was the client and someone in my employ failed to point out something this elemental to me I would not be a happy camper. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 6:38 AM To: NT System Admin Issues Subject: Re: Windows 2008 password policies I am doing so, but want to tread carefully as they are reportedly paying these guys upward of a million pounds for the solution they are building. Why I'm not in the business of tendering for projects like this, I may never know. On 28 October 2010 14:35, Michael B. Smith <mich...@smithcons.com> wrote: You may want to raise your concerns with the client, so you aren't seen as part of the problem. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, October 28, 2010 9:24 AM To: NT System Admin Issues Subject: Re: Windows 2008 password policies Don't make me any more nervous. They are designing everything, AD, Exchange, AppSense, Citrix. They took one look at my designs when I first got here and binned them. From what I have seen the logon time for the new domain is already nearing two minutes. But as I am a contractor I am keeping my mouth firmly shut. More problems post go-live = contract extension On 28 October 2010 14:17, Webster <carlwebs...@gmail.com> wrote: MBS and KS are correct, your conslutants are full of crap. Are you sure you want to use these people? I don't think I would let them anywhere near a DC or XenApp server. Webster From: James Rankin [mailto:kz2...@googlemail.com] Subject: Windows 2008 password policies I know Windows 2008 AD supports fine-grained password policies, I also thought this was done through adsiedit voodoo such as documented here (http://technet.microsoft.com/en-us/library/cc770842%28WS.10%29.aspx). I have a team of consultants on site who are telling me that fine-grained password policies can simply be set by blocking GPO inheritance on the Citrix servers OU (which is where all the computers sit that all our users log on to) and linking a new GPO to the OU which will override the default domain policy. Are they right, or am I? We are simply looking at disabling the password complexity requirement for the test users in the new domain, and they won't let me have an account at the minute to test things (maybe they are worried I might find some errors), which is why I am having to ask. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin