Re: How to change the minimum password length in a Windows 2003 se

Correct it will apply to all machines in that OU. If you want to specify for a single machine you get to put a single machine in an OU.

Password rules are applied when the password is set. So if you have 6 character passwords you change the policy to 8, the 6 character passwords will still work. You won't be impacted until they try to change the password.

joe



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Peter wrote:
Joe,

I'm not familiar with OU but I guess adding a GPO to OU will apply the policy to all the objects (machines) belonged to that OU. But for my case, I want only one machine to be different.

A side question: Does Windows enforce the minium password length during the creation of the password or the entering of the password? For example, if the setting is 6 when I create a password with just 6 characters and then the setting is changed to 8, is the 6 characters password still valid?


Peter

"Joe Richards [MVP]" wrote:

You use NEW. ADD will allow you to link an already existing GPO to the OU.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Peter wrote:
Hi Joe,

Can you elaborate how to create an OU level policy? Do you mean I do the followings:
-right-click the OU
-click Properties
-click Group Policy tab

Should I click New or Add in the Group Policy?

Does this affect all the objects in that OU?

Thanks,

Peter

"Joe Richards [MVP]" wrote:

Or create an OU level policy for the OU the machine is in.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Peter wrote:
When I log in as local adiminstrator or domain administrator on a Windows 2003 server (not a domain controller), the minimum password length option is disabled so I cannot change it. How can I enable it?


Thanks,

Peter
.

Relevant Pages

  • Re: Password Policy at Domain Level Problem
    ... You can do so by looking at the metadata on ... >>The part about the policy going back to 180 days means either some other ... >>Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: Field greyed out when account ops try to unlock account
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... Tried on several different account with same result. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Field greyed out when account ops try to unlock account
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... Richard Alexander wrote: ... After i read up on delegation, I removed them from the account operators group and created a new group called xxx-accops and then delegated permissions on the OUs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Field greyed out when account ops try to unlock account
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... Richard Alexander wrote: ... After i read up on delegation, I removed them from the account ...
    (microsoft.public.windows.server.active_directory)
  • Re: Email Password Expire Notifications
    ... no longer seems to be posted on the Internet for download. ... Joe Richards Microsoft MVP Windows Server Directory Services ... write a script, it will probably be easier for you to use a tool like ...
    (microsoft.public.windows.server.active_directory)