|
First, a bit of background.
After much explanation and politics, we have finally decided to institute some password policies for the campus. Our machines currently reside in a single, native mode Active Directory domain.
I have created a domain-level password policy with the following items set:
Enforce Password history: 3 passwords remembered Max Password age: 182 days Min Password age: 1 days Min password length: 4 characters
(I know these are poor security settings, but it’s a start.)
The other two settings are undefined.
After setting this up, I now have four domain policies.
I am not seeing the “general chaos” I thought I would when the policy went into effect.
Questions:
In what order are the four domain policies applied? The password policy is the second policy in my list, with no other policies defining those password settings.
Is there something else I need to do to “kick start” the policy?
There are plenty of users with passwords they have had for years. Does a password policy start the clock “ticking” when the policy is first implemented? Will these users be allowed to keep their current policy for another 182 days before requiring them to change it?
Is there any way to check to see if the policy is working? Also, is there any way to the password age of an account?
-Tom Barber Systems Manager
|
- RE: [ActiveDir] GPO for entire domain Barber, Thomas
- RE: [ActiveDir] GPO for entire domain Salandra, Justin A.
- RE: [ActiveDir] GPO for entire domain Barber, Thomas
- RE: [ActiveDir] GPO for entire domain Dave Kinnamon
- RE: [ActiveDir] GPO for entire domain Barber, Thomas
- RE: [ActiveDir] GPO for entire domain Steve Rochford
