Re: Password Security Policy for Local on Window 2003

"Paul Adare" <pkadare@xxxxxxxxx> wrote in message
news:13xw166ayxk1d.1t26lxw1swlo2.dlg@xxxxxxxxxxxxx
On Sun, 16 Mar 2008 23:33:27 -0700, Roger Abell [MVP] wrote:

"Paul Adare" <pkadare@xxxxxxxxx> wrote in message
news:1kkbebw6i57s8$.1f2r1ssflkrjz$.dlg@xxxxxxxxxxxxx
On Fri, 14 Mar 2008 16:10:35 -0400, saw wrote:

I am trying to install a software that requires that the password be
less
than 8 characters, which the security policy should only be applied to
the
local machine only which is the server that I am trying to install the
application on.

Your feedback and recommendation would be appreciated.

You have two separate issues here; one which is easy to resolve, the
other
is more difficult.
To have password policy apply to local accounts you simply need to set
the
Group Policy in a GPO that only affects the local computer and not in
the
Default Domain Security Policy GPO. The Default Domain Security Policy
GPO
is the only place you can set password policy if you want it to affect
all
domain accounts. So, in your case you could create an OU that only
contains
the server in question and create and link a GPO there, or, create and
link
a GPO to the current OU and use security filtering such that only the
server in question processes the GPO.
The second issue, requiring a maximum password length of only 8
characters
is more difficult. The default password filter doesn't allow you to set
a
maximum password length, so you'll need to search for a 3rd party
password
filter that will allow this.


Poster does not need to enforce a maximun password length, but
only needs to allow a short one for this software requirement.
What you outline for allowing machine local accounts to have
short passwords would be sufficient, assuming a domain account
is not needed.

Sorry but a maximum password length is exactly what the poster is looking
for. He wants to make sure that no one creates a password longer than 8
characters. If that isn't defining a max password length then I don't know
what the definition would be.


No excusing is needed. I see your reading.
I was blind-sided by reading it as a vendor's install requiring
that the service account must be able to have a 7 char max pwd !
Nope, never even ready it otherwise :-)

Roger


.

Relevant Pages

  • Re: Need help w/ group policy
    ... I set in the GPO editor. ... security policy and in the gpo which is enforced both to the computer ... > If with domain accounts, then set password policies in a GPO ...
    (microsoft.public.windows.group_policy)
  • Re: Password Security Policy for Local on Window 2003
    ... local machine only which is the server that I am trying to install the ... Default Domain Security Policy GPO. ... requiring a maximum password length of only 8 characters ...
    (microsoft.public.windows.server.security)
  • Re: Password Security Policy for Local on Window 2003
    ... local machine only which is the server that I am trying to install the ... Default Domain Security Policy GPO. ... the server in question and create and link a GPO there, or, create and link ...
    (microsoft.public.windows.server.security)
  • Re: Setting Default Printer for Workstations
    ... We do not have roaming profiles, but students do have AD accounts. ... R2 of Win2003 has a new "Print Management Component" for GPOs: ... you're editing that GPO on the R2 server? ...
    (microsoft.public.windows.server.active_directory)
  • Domain Controller Security Policy errors
    ... Security Policy or the Domain Controller Security Policy. ... The DC is also a print and file server. ... The domain controller for Group Policy operations is not available. ...
    (microsoft.public.win2000.active_directory)