|
Steve,
Creating a password policy and linking it to an OU will affect local accounts only. So, if I understood your post correctly, a domain user can have a zero length password, but if they wanted to create or reset a local account say, on a workstation, they will need to meet the six character password requirement.
Remember, different password policies for different users is one of the few reasons to have a separate domain.
Dan
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
I have a question on password policy and get people's input. From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain. There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU. I want to create a custom policy with the correct password settings then link to the Persons OU. I've went ahead and done this and experiencing un-expected results.
By default the Default Domain Policy is inherited on the Persons OU. then i have the custom Password Policy linked to this OU. I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU. I've created, linked a custom Password Policy to the Persons OU. when I do a gpresult, the custom Password policy processes after the Default Domain Policy. When I do gpresult, says all policies applied but the Default Domain Policy was currently setup to allow zero length passwords. I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin. I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users. Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length. I'm missing the obvious but would appreciate input. Sorry for the long post but wanted to share what i've done so far.
Steve |
Title: Message
- [ActiveDir] Local Permission Groups Caple, Andrew
- RE: [ActiveDir] Local Permission Groups Noah Eiger
- [ActiveDir] Password policy scenerio Steve Schofield
- RE: [ActiveDir] Local Permission Groups Daniel Gilbert
- RE: [ActiveDir] Local Permission Groups Caple, Andrew
