Re: Password Policy for remote users
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 24 May 2006 05:49:34 -0700
There is only one password policy per domain or per machine.
If you will notice, the account policies are not in the User branch but
in the Computer branch of policies. When set in a GPO linked to the
domain object this controls how DCs enforce policy for all domain
accounts, and this or the highest priority GPO setting account policies
applied to a member govern how all the member enforces the policies
for all machine local accounts.
So, to accomplish your stated objective you would need to either
use multiple domains, use a custom gina, or perhaps look as having
a subset of account required to use smart card for login.
"denilia" <denilia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3AFA9779-C4A9-40CE-BEDB-658C14CFFBFF@xxxxxxxxxxxxxxxx
Hi experts
I would like to get some clarification and advise. I have 2003 domain with
30 in office users and 10 remote users (VPN only, OWA, POP3). I'm trying
to
enforce a Password policy for office users only. What is the best way?
I'm planning to to do the following steps:
1. Edit GPO to inforce password policy at user configuration level.
2. Check "password never expires" in the account property for remote users
3. Change remote users passowrd to more complex.
Is it secure way to do it? how can I enforce to change password on next
logon?
will remote user password ever expire? I do not want those pepople to be
effected...
I prefer not to crate a separate OU for remote users because I have AD
structured based on peoples roles.
Thank you
.
- Prev by Date: Automatic Certificate Request Setup Wizard
- Next by Date: Re: Password Policy for remote users
- Previous by thread: Automatic Certificate Request Setup Wizard
- Next by thread: Re: Password Policy for remote users
- Index(es):
Relevant Pages
|
