RE: Windows 2000 password policy

From: Jim Barrett (jimb_at_ins.com)
Date: 06/24/03

  • Next message: Justin Pryzby: "Re: Filtering DHCP Assignments by MAC Address"
    To: "'Leo, Joel'" <Joel.Leo@cw.com>, "'hong li'" <hong_li_98@yahoo.com>, <focus-ms@securityfocus.com>
    Date: Tue, 24 Jun 2003 07:50:07 -0400
    
    

    I'm not sure it even works that way. I tested this on a system that was
    a member of a domain, and even if you manually change the settings in
    the local policy, the Effective policy setting (which comes from the
    domain policy) does not change. Note that I did not touch the domain
    policy. It still has the Windows default settings.

    Jim Barrett, MCSE, CISSA, CISSP, CCNP
    Principal Consultant
    International Network Services
    Boston, MA

    -----Original Message-----
    From: Leo, Joel [mailto:Joel.Leo@cw.com]
    Sent: Monday, June 23, 2003 11:37 PM
    To: Jim Barrett; hong li; focus-ms@securityfocus.com
    Subject: RE: Windows 2000 password policy

    You can set a password policy on an ou, but it will only affect _local_
    users that log into the machines in that ou.

    Joel

    -----Original Message-----
    From: Jim Barrett [mailto:jimb@ins.com]
    Sent: Monday, June 23, 2003 10:59 AM
    To: 'hong li'; focus-ms@securityfocus.com
    Subject: RE: Windows 2000 password policy

    Nope. You can't get there from here as the saying goes. This is
    because Windows 2000 had to maintain backward compatibility with NT 4.0,
    and in NT 4, the Domain was the security boundary. Same is true with
    W2k/W2k3.

    You will see the options for setting password policy in the OU GPO, but
    changes there will not affect anything.

    Jim

    Jim Barrett, MCSE, CISSA, CISSP, CCNP
    Principal Consultant
    International Network Services
    Boston, MA

    -----Original Message-----
    From: hong li [mailto:hong_li_98@yahoo.com]
    Sent: Monday, June 23, 2003 1:16 PM
    To: focus-ms@securityfocus.com
    Subject: Windows 2000 password policy

    Hi, everyone

    Does anyone know that you can set password policy
    change at OU level instead of domain level? or any
    other suggestions?

    Thanks!

    Hong

    __________________________________
    Do you Yahoo!?
    SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

    ------------------------------------------------------------------------
    -----
    ------------------------------------------------------------------------
    ------

    ------------------------------------------------------------------------
    -----
    ------------------------------------------------------------------------
    ------

    -----------------------------------------------------------------------------
    ------------------------------------------------------------------------------


  • Next message: Justin Pryzby: "Re: Filtering DHCP Assignments by MAC Address"

    Relevant Pages

    • RE: Windows 2000 password policy
      ... Subject: Windows 2000 password policy ... change at OU level instead of domain level? ... SBC Yahoo! ...
      (Focus-Microsoft)
    • Re: Password policy
      ... Password policies must be set at the domain level. ... Windows 2003 as well. ... > the password policy, and link it to domain controllers. ... > replicate to all domain computers. ...
      (microsoft.public.win2000.security)
    • Password cannot be changed in organization
      ... I have Windows 2000. ... Password policy is domain level. ... I have minimum password time as: ...
      (microsoft.public.win2000.active_directory)
    • Re: 2003 AD Security policy question
      ... > That has not changed for Windows 2003. ... > password policy for a group domain users, ... > into smart cards for that group of users and configure their user accounts ... >> up a stronger password policy for certain groups. ...
      (microsoft.public.win2000.security)
    • Re: SQL Server 2005 password policy
      ... I think you will find that you can't change the password policy in Windows ... XP and have it affect your SQL passwords. ... Server 2005 implements a default password complexity policy so this is ...
      (microsoft.public.sqlserver.security)