RE: [ActiveDir] Password policy scenerio
Title: Message Hi Steve, still the same, no matter what OS, Forest or Domain Mode or SP. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Wednesday, September 01, 2004 4:07 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Password policy scenerio Is this the same as Windows 2003 Native Domain? - Original Message - From: Coleman, Hunter To: '[EMAIL PROTECTED]' Sent: Tuesday, August 31, 2004 8:32 PM Subject: RE: [ActiveDir] Password policy scenerio Password policies are domain-wide, so you can only have one per domain. If you have different requirements within a domain, you'll have to settle for voluntary compliance or carve off a separate domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269236 Hunter From: Steve Schofield [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results. By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked acustom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies appliedbut the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far. Steve
RE: [ActiveDir] Password policy scenerio
Title: Message Check out Password Policy Enforcer. I think it has the ability to create different policies based on group memebership within the same domain. Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-WeidnerSent: Wednesday, September 01, 2004 11:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Password policy scenerio Hi Steve, still the same, no matter what OS, Forest or Domain Mode or SP. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve SchofieldSent: Wednesday, September 01, 2004 4:07 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Password policy scenerio Is this the same as Windows 2003 Native Domain? - Original Message - From: Coleman, Hunter To: '[EMAIL PROTECTED]' Sent: Tuesday, August 31, 2004 8:32 PM Subject: RE: [ActiveDir] Password policy scenerio Password policies are domain-wide, so you can only have one per domain. If you have different requirements within a domain, you'll have to settle for voluntary compliance or carve off a separate domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269236 Hunter From: Steve Schofield [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 6:11 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results. By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked acustom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies appliedbut the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far. Steve
RE: [ActiveDir] Password policy scenerio
Title: Message Password policies are domain-wide, so you can only have one per domain. If you have different requirements within a domain, you'll have to settle for voluntary compliance or carve off a separate domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269236 Hunter From: Steve Schofield [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 6:11 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results. By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked acustom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies appliedbut the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far. Steve
Re: [ActiveDir] Password policy scenerio
Title: Message Is this the same as Windows 2003 Native Domain? - Original Message - From: Coleman, Hunter To: '[EMAIL PROTECTED]' Sent: Tuesday, August 31, 2004 8:32 PM Subject: RE: [ActiveDir] Password policy scenerio Password policies are domain-wide, so you can only have one per domain. If you have different requirements within a domain, you'll have to settle for voluntary compliance or carve off a separate domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269236 Hunter From: Steve Schofield [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 6:11 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results. By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked acustom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies appliedbut the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far. Steve
RE: [ActiveDir] Password policy scenerio
Title: Message Steve, Creating a password policy and linking it to an OU will affect local accounts only. So, if I understood your post correctly, a domain user can have a zero length password, but if they wanted to create or reset a local account say, on a workstation, they will need to meet the six character password requirement. Remember, different password policies for different users is one of the few reasons to have a separate domain. Dan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Tuesday, August 31, 2004 5:11 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results. By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked acustom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies appliedbut the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far. Steve