Group Policy: multiple password policies in the same domain?
From: Derick Anderson (danderson_at_vikus.com)
Date: 08/31/05
- Previous message: Rodrigo Blanco: "Active Directory password external use"
- Next in thread: Depp, Dennis M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Depp, Dennis M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Delgado, Jacob M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Beauford, Jason: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Reply: Laura A. Robinson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Kurt Dillard: "RE: Group Policy: multiple password policies in the same domain?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Aug 2005 07:31:44 -0400 To: <focus-ms@securityfocus.com>
I'm trying to lock down some domain "service" accounts (backup,
Exchange, SQL Server, Scheduled Tasks, etc.) where I work. We're an
application service provider (web-based) and we have only one domain at
the moment (sigh), shared by our production servers (big sigh) on the
same physical network (very big sigh). Our web application must run as a
domain account (throws up hands in exasperation).
Splitting the domain into production and non-production is in the works
but will realistically be at least a couple months away. In the mean
time I'm trying to enforce stronger passwords for service accounts like
those I mentioned above but I'm having problems using Group Policy to
specify that service accounts have a certain password policy while
regular users have another. I believe the problem is that password
policies are computer based instead of user based, so I can't specify
that specific users have one set of password policies while others have
a different one.
Would applying the policy to a specific set of computers affect only the
local accounts on those computers, or the entire domain? My theory is
that only the password policy on the domain controllers would affect
domain passwords, but I'd love to hear differently.
Any help would be appreciated.
Thanks,
Derick Anderson
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Rodrigo Blanco: "Active Directory password external use"
- Next in thread: Depp, Dennis M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Depp, Dennis M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Delgado, Jacob M.: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Beauford, Jason: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Derick Anderson: "RE: Group Policy: multiple password policies in the same domain?"
- Reply: Laura A. Robinson: "RE: Group Policy: multiple password policies in the same domain?"
- Maybe reply: Kurt Dillard: "RE: Group Policy: multiple password policies in the same domain?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
