Check out WWW.SANS.Org. They have papers on all kinds of security issues. -----Original Message----- From: James Winzenz [mailto:james.winzenz@;inovis.com] Sent: Tuesday, November 12, 2002 8:26 AM To: NT 2000 Discussions Subject: RE: Active Directory Password Policy Grief.
Luser education? Impossible . . . <VBG> My suggestion would be to talk to your corporate security dept. (if you have one, that is). If you *are* corporate security as well, then you perhaps have a bit more leeway. Just realize that if you leave password requirements weak, your Lusers *will* exploit it to the utmost, and if you make the requirements strong, they will gripe and moan and write their passwords down on sticky notes to put on their monitors. That being said, I would still prefer strong password requirements any day over weak ones. James Winzenz, MCSE, A+ Associate Systems Administrator InovisTM, formerly Harbinger and Extricity -----Original Message----- From: AliAdmin [mailto:AliAdmin@;bango.net] Sent: Tuesday, November 12, 2002 3:19 AM To: NT 2000 Discussions Subject: Re: Active Directory Password Policy Grief. Well that certainly explains it, I'll have to have a rethink. Also does anybody have some good links for user password education, so the bliighters can see the danger of weak passwords themselves. Thanks for your help Ali ----- Original Message ----- From: "Steve Molkentin" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]> Sent: Monday, November 11, 2002 9:51 PM Subject: RE: Active Directory Password Policy Grief. > Ali, > > I'm with everyone else who has posted here - either you create a new domain > for the users you want a different password policy for, or everyone > (or no > one) gets your new password policy. > > themolk. > > > -----Original Message----- > > From: AliAdmin [mailto:AliAdmin@;bango.net] > > Sent: Saturday, 9 November 2002 2:16 am > > To: NT 2000 Discussions > > Subject: Active Directory Password Policy Grief. > > > > > > Hi All. > > > > I hope somebody can help me here, as I'm beginning to tear my hair > > out. > > > > I currently have Active directory installed and I'm running with the > > a configured default security policy. I have a number of OU's also > > configured. Everything is happy except that now I wish to alter the > > password security > > for one OU - making it stricter. As I understand AD, in order > > to increase > > the security for that one OU all I need do is modify the OU policy, as > > policy is applied hieratically the last applied policy takes > > precedent. In > > this case the OU policy should supersede the Default policy > > and thus apply > > the increased security. > > > > Unfortunately this is not the case. Other aspects of the OU policy > > are applied - eg a specific splash screen- and when I run GPResult > > the OU policy is applied to that machine and user. However the > > password security policy is > > not applied, the Default Policy is still in effect. > > > > I have tried Blocking the inheritance, just in case and the > > behaviour was not effected. It might be something to do with the > > Default Password Policy > > needing to be the same for both Domain OU and Domain > > Controller OU but I am > > rather reluctant to alter those and potentially affect all users. > > > > Am I missing something about how password policies are applied. > > > > Your help will be much appreciated. > > > > Thanks > > > > Ali > > > > Alister Haran > > Sys Admin > > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
