Re: Basic GPO Question

From: Paul U. (anonymous_at_discussions.microsoft.com)
Date: 09/22/04


Date: Wed, 22 Sep 2004 12:17:07 -0700

Thanks for a quick Response Dan!

I'm pretty new to this Policy "Stuff" so I want to make
sure I understand your response.

Is my understanding correct in that I HAVE to apply my
password policy to the domain instead of the OU (or is
that just a "best practice" suggestion? I have only
created one password policy, but for the short term I
want to apply it just to one site (Geographic Region).
Eventually I will apply it to the entire domain.

Thanks for your help...
Paul U.

>-----Original Message-----

>Password policies are one to a domain.
>
>> I have created a new Policy which enables Password
>> Complexity requirements, and linked that new Policy to
>> the OU in AD which contains all of the Users and
>> Computers (including the Domain Controller computer)
for
>> that Regional Office.
>
>
>Password policies applied at the OU level ONLY take
affect when logging on
>locally to a computer in that OU.
>
>
>> We have several geographic regional offices, each with
>> their own DC. One of our Regional Offices wants to
>> implement Strong Passwords (aka Password Complexity
>> Requirements).
>
>
>In order to use a different password policy at this
site, you need to create
>a different domain at this site.
>
>
>The reasoning behind the password policy is that if you
have resources in a
>domain that are sensitive enough to require the more
complex password
>policy, you would want ALL accounts in that domain to be
more secure, not
>just a few. If you were able to apply the complex
password policy to a few
>users and not the entire domain a hacker would not have
to crack the complex
>password. They would crack one of the "simple" passwords.
>
>It's kind of like putting a dead bolt, a key lock, and a
chain lock on the
>front door and only a key lock on the back door of your
house. If there is
>something in your house worth securing with 3 different
locks, it's worth
>securing all the doors equally.
>
>hth
>DDS W 2k MVP MCSE
>
>"Paul U." <anonymous@discussions.microsoft.com> wrote in
message
>news:01ff01c4a0cb$1f91ca70$a301280a@phx.gbl...
>> I have what I would call a relatively simple task I
want
>> to accomplich but I can't seem to get it to work for
>> whatever reason.
>>
>> We have several geographic regional offices, each with
>> their own DC. One of our Regional Offices wants to
>> implement Strong Passwords (aka Password Complexity
>> Requirements).
>>
>> I have created a new Policy which enables Password
>> Complexity requirements, and linked that new Policy to
>> the OU in AD which contains all of the Users and
>> Computers (including the Domain Controller computer)
for
>> that Regional Office.
>>
>> When I open the "Local Security Policy" shortcut from
>> inside Administrative Tools on the DC of that Regional
>> Office, it still indicates that the Password Complexity
>> setting is undefined.
>>
>> Do I need to modify the Default Domain Policy or
Default
>> Domain Controller Policy to define copmplex password
>> requirements or is there another policy I need to
create
>> upstream?
>>
>> Any help would be much appreciated!
>>
>> Thanks - Paul U.
>
>
>.
>



Relevant Pages

  • Re: Basic GPO Question
    ... One of our Regional Offices wants to ... > implement Strong Passwords (aka Password Complexity ... In order to use a different password policy at this site, ...
    (microsoft.public.win2000.security)
  • Re: Reasons and examples for security
    ... Roger Abell ... >> "Use passphrases" (with some details tbd relative to retraints ... >> on length minimum and relationship with complexity policy). ...
    (microsoft.public.security)
  • RE: Problem after setting password complexity
    ... change password after you enable "password must meet complexity ... I suggest you configure the password policy under "domain security ... Password must meet complexity requirements Enabled ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: MU team brews its own, cheaper gas
    ... If you're a decision-maker suffering from these acute symptoms it may be time to ask your doctor about Complexity Science: a nascent, interdisciplinary field exploring the structure, behavior and dynamics of complex systems. ... Catalyst's "Forum on Complexity and Transportation Policy," to be held June 15th at the Cosmos Club in Washington, DC is the second of a four-part series exploring the new public policy insights offered by complexity science. ... Catalyst is pleased to feature two of the most highly esteemed individuals in the field of transportation policy today: Dr. Tom Downs and Dr. Carl Simon. ...
    (sci.fractals)
  • Re: Password must meet complexity requirements
    ... I am getting the complexity message. ... The Default Domain Policy must be linked but not enforced. ... (one of the reasons we suggest you never modify the Default Policies ... replicate and see what happens. ...
    (microsoft.public.windows.server.active_directory)