Re: Password Policy for remote users
- From: "ANIXIS" <anixis@xxxxxxxxx>
- Date: 24 May 2006 07:19:45 -0700
Setting the "password never expires" flag will stop the password from
expiring, but if a user tried to manually change their password they
would still have to comply with the password policy.
For domain user accounts, the password policy rules only work when
linked at the domain level. You cannot enfoce policies by OU unless you
write your own password filter (not practical for a 30 person company),
or purchase a third-party product.
If you don't want to purchase additional software, then the "password
never expires" flag is your best option. If you are willing to spend a
few dollars, then our Password policy Enforcer product will allow you
to enforce multiple policies and assign them to users, groups, and OUs.
See http://www.anixis.com/products/ppe/features.htm
denilia wrote:
So, a feature "password never expires" wll not work? What about to use
different set of GPO policeis for different users/PC OU?
Where I can find additional Info on smart cards? is there any good Vendors
who supply smart cards?
"Roger Abell [MVP]" wrote:
There is only one password policy per domain or per machine.
If you will notice, the account policies are not in the User branch but
in the Computer branch of policies. When set in a GPO linked to the
domain object this controls how DCs enforce policy for all domain
accounts, and this or the highest priority GPO setting account policies
applied to a member govern how all the member enforces the policies
for all machine local accounts.
So, to accomplish your stated objective you would need to either
use multiple domains, use a custom gina, or perhaps look as having
a subset of account required to use smart card for login.
"denilia" <denilia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3AFA9779-C4A9-40CE-BEDB-658C14CFFBFF@xxxxxxxxxxxxxxxx
Hi experts
I would like to get some clarification and advise. I have 2003 domain with
30 in office users and 10 remote users (VPN only, OWA, POP3). I'm trying
to
enforce a Password policy for office users only. What is the best way?
I'm planning to to do the following steps:
1. Edit GPO to inforce password policy at user configuration level.
2. Check "password never expires" in the account property for remote users
3. Change remote users passowrd to more complex.
Is it secure way to do it? how can I enforce to change password on next
logon?
will remote user password ever expire? I do not want those pepople to be
effected...
I prefer not to crate a separate OU for remote users because I have AD
structured based on peoples roles.
Thank you
.
- References:
- Re: Password Policy for remote users
- From: Roger Abell [MVP]
- Re: Password Policy for remote users
- Prev by Date: Re: Password Policy for remote users
- Next by Date: Re: possible system intruder XP
- Previous by thread: Re: Password Policy for remote users
- Next by thread: Tripwire for Windows machines ?
- Index(es):
Relevant Pages
|
