Re: GPO and password policies
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Fri, 21 Jan 2005 14:44:28 -0600
Keep in mind that another domain will create the need for at least two more
domain controllers. It would make more sense to increase security for all
domain users for password policy. Try to get users to think about password
phrases instead of passwords to make it easier to remember longer passwords.
Another alternative could be to use smart cards for sensitive accounts,
though a smart card reader would need to be available for every computer
where a smart card user would logon to if they were forced to use smart card
logon in their user account in AD Users and Computers. --- Steve
"SallyB" <SallyB@discussions.microsoft.com> wrote in message
> That may be what I'll have to do. I run a domain at a school and wanted
> staff to have more secure passwords than students. I thought I seen a
> question somewhere in a exam about different password policies but I must
> have been wrong.
> Thanks Danny
> "Danny Sanders" wrote:
>> Only one password policy to a domain. Stronger password policies is one
>> security measure to secure the resources on that domain. Creating a group
>> with "weaker" passwords amounts to creating a security hole.
>> Creating a different password policy on an OU will result in that
>> policy being applied when logging on locally to the PC rather than
>> on to the domain.
>> The need for differing password policies is one reason to create another
>> DDS W 2k MVP MCSE
>> "SallyB" <SallyB@discussions.microsoft.com> wrote in message
>> > Hi
>> > I want to apply different password policies to different user groups
>> > which
>> > are in different gpo's.How do I do this??
>> > Thanks
>> > Sally