Re: Strong Passwords

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/10/05


Date: Mon, 9 May 2005 22:16:59 -0700

You can always tell which part of a GPO must be enabled by
looking at which of the two major branches of policy within
the GPO, Computer or User, has settings in use.

Account policies are Computer policies since they control
how the system processes account operations for all accounts.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Ron P" <RonP@discussions.microsoft.com> wrote in message
news:68BFA3E2-0116-45CD-AB5F-2DA82F01F123@microsoft.com...
> Thanks Roger, I'll set up a new Policy at the domain level. Where I saw the GP
> being applied to both computers and users, which one of these should I apply
> the policy to? In my mind it should be the user side.
> TX Again!
> Ron
>
> "Roger Abell" wrote:
>
> > Password policies when applied with an OU-linked GPO have
> > impact only on the machine local accounts of machines in the OU.
> > To impact domain accounts set these in a domain-linked GPO.
> > The change to password requirements is in effect at the next
> > change of password and does not force a new password to be
> > defined immediately.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "Ron P" <RonP@discussions.microsoft.com> wrote in message
> > news:BC4F35CD-0E38-4108-A6AE-AE309957975B@microsoft.com...
> > > W2k w/AD. Trying to implement Strong pw with GP. I have set up users/computers
> > > (w2k & XP Pro) in OUs and have applied the Password GP to it. The
> > > GPresult.exe shows the password policy as being applied to the computer but
> > > doesn't prompt the users to change their pw.
> > >
> > > I have even forced users to change pw manually but the strong pw
> > > requirements are not forced onto the user. Can anyone suggest anything?
> > >
> > > TX!
> >
> >
> >
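
The scoping rule discussed in this thread can be audited across a domain; the following is an added example, not part of the original posts. It assumes the GroupPolicy PowerShell module (GPMC/RSAT, which postdates the Windows 2000 tooling in the thread), and the function name Get-PasswordPolicyGpoScope is hypothetical.

```powershell
# Lists every GPO that carries password policy settings and reports, per link,
# whether those settings reach domain accounts (domain-linked) or only the
# local accounts of computers under the link (OU- or site-linked).
Import-Module GroupPolicy

function Get-PasswordPolicyGpoScope {
    foreach ($gpo in Get-GPO -All) {
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

        # Account policy settings are <Account> elements with <Type>Password</Type>
        # in the XML report; local-name() avoids depending on namespace prefixes.
        $settings = $report.SelectNodes(
            "//*[local-name()='Account'][*[local-name()='Type']='Password']")
        if ($settings.Count -eq 0) { continue }

        $names = ($settings | ForEach-Object {
            $_.SelectSingleNode("*[local-name()='Name']").InnerText
        }) -join ', '

        # Account policies are Computer settings, so that half must be enabled.
        $computerOn = "$($gpo.GpoStatus)" -notmatch
            'ComputerSettingsDisabled|AllSettingsDisabled'

        foreach ($link in $report.SelectNodes("//*[local-name()='LinksTo']")) {
            $path = $link.SelectSingleNode("*[local-name()='SOMPath']").InnerText
            # A domain-level link has the domain DNS name as its path.
            $atDomain = ($path -eq $gpo.DomainName)
            [pscustomobject]@{
                Gpo             = $gpo.DisplayName
                LinkedTo        = $path
                ComputerEnabled = $computerOn
                Settings        = $names
                AppliesTo       = $(if ($atDomain) { 'Domain accounts' }
                                    else { 'Local accounts of computers under this link' })
            }
        }
    }
}

Get-PasswordPolicyGpoScope | Format-Table -AutoSize -Wrap
```

A GPO that appears only with non-domain links matches the situation in the original question: gpresult shows the policy applied to the computer, while domain users' passwords are still governed by whatever is set at the domain level.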

