Agreed. In this case, the additional point I was trying to make was that you also could have a 3rd party package enforcing _local_ account passwords (which John specified) that overrides the domain password policy for _local_ passwords only leaving the domain account password policy intact for domain account passwords..
That is why I asked the question about the GINA in the first place :-] -----Original Message----- From: Steven Peck [mailto:[email protected]] Sent: Friday, March 19, 2010 3:33 PM To: NT System Admin Issues Subject: Re: Determining Password Complexity Requirements (UNCLASSIFIED) Some of the requirements for contracts that provide services for the military require a custom ugina. We have one. It has it's own little domain. On Fri, Mar 19, 2010 at 1:11 PM, Free, Bob <[email protected]> wrote: >> every time she tries to set a local account's password > > > > Probably a custom GINA/password filter. (I think there's an echo in here J) > > > > Those also come in local versions.... > > > > The Army couldn't enforce the settings Larry gave below natively, they have > to use *something* > > > > From: John Hornbuckle [mailto:[email protected]] > Sent: Friday, March 19, 2010 12:47 PM > To: NT System Admin Issues > Subject: RE: Determining Password Complexity Requirements (UNCLASSIFIED) > > > > Yeah, that sounds about like what we had to put in to get the system to > accept it. > > > > I just can't figure out how that policy is being enforced... > > > > > > > > From: Kent, Larry CTR US USA [mailto:[email protected]] > Sent: Friday, March 19, 2010 2:44 PM > To: NT System Admin Issues > Subject: RE: Determining Password Complexity Requirements (UNCLASSIFIED) > > > > Classification: UNCLASSIFIED > Caveats: FOUO > > The Army's password requirements are: minimum 14 chars, at least 2 > uppercase, 2 lowercase, 2 numeric and 2 special characters > > > > > > Larry Kent > > AD/Exchange 2003 OU Administrator > > Lockheed Martin > > Natick R&D Center > > Natick, MA 01760 > > DSN: 312.256.4981 Comm: 508.233.4981 > > mailto:[email protected] > > > > > > > > From: Carol Fee [mailto:[email protected]] > Sent: Friday, March 19, 2010 1:38 PM > To: NT System Admin Issues > Subject: RE: Determining Password Complexity Requirements > > > > How about asking the Army folks who sent you the machine ? > > > > CFee > > From: John Hornbuckle [mailto:[email protected]] > Sent: Friday, March 19, 2010 11:26 AM > To: NT System Admin Issues > Subject: Determining Password Complexity Requirements > > > > We have a machine that the Army sent our ROTC folks, and it's giving us a > hard time. It's not our standard machine, and came pre-configured from the > Army. We joined it to our domain, and it seems to be picking up group policy > from the domain-but a couple of things still aren't right. > > > > The biggest issue is that something on the machine seems to be requiring > passwords of greater complexity than our domain policy requires. What I > can't figure out is (A.) why that is and (B.) what those requirements are. I > had my technician run gpedit.msc on the machine and look under Computer > Configuration -> Windows Settings -> Security Settings -> Account Policies > -> Password Policy. All of the settings there match our regular domain > settings. And yet every time she tries to set a local account's password to > one that we know meets those requirements (because it's one we use on > multiple machines with no problems), Windows pops up a dialog saying it > doesn't meet the requirements. But if we put in a (much) longer and more > complex password, the system will take it. > > > > I ran through the fix from MSKB 313222, but to no avail (although that did > fix several other settings the Army had imposed on the machine). > > > > So, what the heck? Where is this machine getting its ideas about password > requirements from? And how can I determine what those requirements are? > > > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > > > > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > > > > > > > > > Classification: UNCLASSIFIED > Caveats: FOUO > > > > > > > > > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
