RE: [ActiveDir] Password policy scenerio

[Ulf B. Simon-Weidner]

Title: Message

Hi Steve,   still the same, no matter what OS, Forest or Domain Mode or SP.   Gruesse - Sincerely,   Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Wednesday, September 01, 2004 4:07 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Password policy scenerio   Is this the same as Windows 2003 Native Domain? ----- Original Message ----- From: Coleman, Hunter To: '[EMAIL PROTECTED]' Sent: Tuesday, August 31, 2004 8:32 PM Subject: RE: [ActiveDir] Password policy scenerio   Password policies are domain-wide, so you can only have one per domain. If you have different requirements within a domain, you'll have to settle for voluntary compliance or carve off a separate domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q269236   Hunter   From: Steve Schofield [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password policy scenerio I have a question on password policy and get people's input.  From what i read, most people or things I've read implement their password policy using the Default Domain Policy or a custom policy with this linked to the Top of the domain.  There is some existing password settings in the Default Domain Policy but these aren't the settings I want to apply to my Persons OU.  I want to create a custom policy with the correct password settings then link to the Persons OU.   I've went ahead and done this and experiencing un-expected results.    By default the Default Domain Policy is inherited on the Persons OU.  then i have the custom Password Policy linked to this OU.  I hate to have to implement the password at the top of the domain cause this could cause issues in the domain for other user accounts outside the Persons OU.    I've created, linked a custom Password Policy to the Persons OU.  when I do a gpresult, the custom Password policy processes after the Default Domain Policy.  When I do gpresult, says all policies applied but the Default Domain Policy was currently setup to allow zero length passwords.  I want to implement a 6 length minimum but it still allows people to have zero-lengthed policy when changing their password on a workstation in this domin.  I don't want to put the authenticated users (in the filtered list of the GPO) in the custom password policy that is linked to the Persons OU until I get expected results with a few machines and test users.  Would I have to , in the filtered list of the custom password policy, the userID and machine they are logging into to insure the custom password policy is applied. Currently people can reset their password to zero length.  I'm missing the obvious but would appreciate input.  Sorry for the long post but wanted to share what i've done so far.    Steve