Re: Windows 2003 domain password policy
- From: "ANIXIS" <anixis@xxxxxxxxx>
- Date: 26 Sep 2006 20:26:03 -0700
Windows only supports one domain password policy per domain. Microsoft
includes an API for custom password filters in Windows. This API can do
what you require, but only if you have a good understanding of C,
security concepts and LDAP. You can find the documentation at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/password_filters.asp
There are also several third-party products that can overcome this
limitation without any programming. The one I recommend is Password
Policy Enforcer (disclosure: I work for ANIXIS). It allows you to
assign policies to users, groups, and OUs. See
http://www.anixis.com/products/ppe/features.htm for more information.
John Smith wrote:
Can we have 2 sets of domain password policy? Or we can use Block Policy
Inheritance and Disable No Override option to achieve this.
Any suggestion for best Domain Password Policy pratice? Modify the default
Domain Policy GPO or create a new Password GPO and linked to the root
container?
If we implement a secure password policy now, what may happen to the
existing users? Are they offered a chance to change their password when they
first log in? How about those laptop mobile VPN users?
.
- References:
- Windows 2003 domain password policy
- From: John Smith
- Windows 2003 domain password policy
- Prev by Date: Re: Windows 2003 domain password policy
- Next by Date: FTP security
- Previous by thread: Re: Windows 2003 domain password policy
- Next by thread: Re: Windows 2003 domain password policy
- Index(es):
Relevant Pages
|
