Re: GPO and password policies

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/21/05 

Date: Fri, 21 Jan 2005 14:44:28 -0600

Keep in mind that another domain will create the need for at least two more
domain controllers. It would make more sense to increase security for all
domain users for password policy. Try to get users to think about password
phrases instead of passwords to make it easier to remember longer passwords.
Another alternative could be to use smart cards for sensitive accounts,
though a smart card reader would need to be available for every computer
where a smart card user would logon to if they were forced to use smart card
logon in their user account in AD Users and Computers. --- Steve

"SallyB" <SallyB@discussions.microsoft.com> wrote in message
news:26B601AF-8EFE-4104-979A-CA5DF1BC72A7@microsoft.com...
> That may be what I'll have to do. I run a domain at a school and wanted
> the
> staff to have more secure passwords than students. I thought I seen a
> question somewhere in a exam about different password policies but I must
> have been wrong.
> Thanks Danny
>
> "Danny Sanders" wrote:
>
>> Only one password policy to a domain. Stronger password policies is one
>> security measure to secure the resources on that domain. Creating a group
>> with "weaker" passwords amounts to creating a security hole.
>>
>> Creating a different password policy on an OU will result in that
>> password
>> policy being applied when logging on locally to the PC rather than
>> logging
>> on to the domain.
>>
>> The need for differing password policies is one reason to create another
>> domain.
>>
>> hth
>> DDS W 2k MVP MCSE
>>
>> "SallyB" <SallyB@discussions.microsoft.com> wrote in message
>> news:7E3D53BE-D26B-477A-8A24-7D0394EA551D@microsoft.com...
>> > Hi
>> >
>> > I want to apply different password policies to different user groups
>> > which
>> > are in different gpo's.How do I do this??
>> > Thanks
>> > Sally
>>
>>
>>

Relevant Pages

  • Re: GPO and password policies
    ... with "weaker" passwords amounts to creating a security hole. ... Creating a different password policy on an OU will result in that password ... policy being applied when logging on locally to the PC rather than logging ... The need for differing password policies is one reason to create another ...
    (microsoft.public.security)
  • Password Policy
    ... Looking to increase security and was wondering if you can ... apply password policies to an OU. ... Password policy can only be applied at the Domain ... wanted greater security with more password changes. ...
    (microsoft.public.win2000.security)
  • Re: GPO security settings not applied
    ... Domain Security Policy to set this. ... you can indeed set a password policy at the OU - level! ... >> Domain - Default Domain GPO ... User settings in the IT GPO (ex. ...
    (microsoft.public.win2000.group_policy)
  • RE: How to /password policy on Windows 2003
    ... maybe this server has a higher security requirement than another (you ... Password policy should come from the top ... would also suggest limiting local admin access to a very few IT employees. ...
    (Focus-Microsoft)
  • Re: SCL Screen Saver ?
    ... There is a security option you ... can try on a computer with smart card readers in Local Security Policy/local ... having a password to use when the Screen Saver kicks on. ...
    (microsoft.public.windowsxp.security_admin)