RE: How to Enforce Complex Password Policy for Selected Users Only

From: Kevan Smith (Kevan.Smith_at_tideworks.com)
Date: 09/21/04

  • Next message: arif.jatmoko_at_sea.ccamatil.com: "Re: Application sniffer" 
    Date: Tue, 21 Sep 2004 09:16:37 -0700
To: "RIFAN Mohammed" <m_rifan@yahoo.co.uk>, <focus-ms@securityfocus.com>

    Without 3d party tools, you cannot have separate policies applied to
    different user accounts in the same domain. We use Password Policy
    Enforcer with good results (www.anixis.com).

    When using standard Windows policies, such security measures take effect
    on the system, not the user. In a domain environment, the 'system' is
    the domain controller, not the clients desktop. So, in the case of
    _local_ accounts, you can have a separate policy applied to any computer
    (via local policy), or the users OU (via GPO). In the case of domain
    accounts the relevant password policy is the one applied to the Domain
    Controllers OU, and effects ALL user accounts for that domain.

    -----Original Message-----
    From: RIFAN Mohammed [mailto:m_rifan@yahoo.co.uk]
    Sent: Monday, September 20, 2004 8:20 AM
    To: focus-ms@securityfocus.com
    Subject: How to Enforce Complex Password Policy for Selected Users Only

    Dear Friends,

    Can anyone advice me how to Enforce Complex Password Policy in Windows
    2000 for Selected Users Only (Not for all the Users).

     

    Thanks

                    
    _______________________________
    Do you Yahoo!?
    Declare Yourself - Register online to vote today!
    http://vote.yahoo.com

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: arif.jatmoko_at_sea.ccamatil.com: "Re: Application sniffer"

    Relevant Pages

    • Re: Simple question on Password Policy
      ... The password policy is enforced by whatever computer owns the user account. ... Default Domain policy so that it is enforced by all domain member computers ... For domain user accounts, it is the domain ... those computers enforce whatever password policy applies to ...
      (microsoft.public.win2000.group_policy)
    • Re: Password policy question
      ... > We currently have a Windows 2003 and Novell 5 infrastructure. ... When I set a password policy on my Win2003 domain will it take ... > 60 days and the user accounts have never had to change before? ... > settings than the domain policy For example the default is change ...
      (microsoft.public.windows.server.active_directory)
    • Re: where to apply?
      ... >>You can not have a password policy applied to the OU level and have it ... >>user accounts to any computer account objects that might reside in the OU ... You apply the password policy GPO to his OU. ... The Password Policy affects all user account objects. ...
      (microsoft.public.win2000.group_policy)
    • Re: where to apply?
      ... >Password Policy is a special animal. ... >user accounts to any computer account objects that might reside in the OU to ... You apply the password policy GPO to his OU. ... Thanks Mini Me. ...
      (microsoft.public.win2000.group_policy)
    • Re: where to apply?
      ... Password Policy is a special animal. ... user accounts to any computer account objects that might reside in the OU to ... You want to set a password policy so that employees have ...
      (microsoft.public.win2000.group_policy)