Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Policy

Status
Not open for further replies.
acl03

acl03

MIS
Jun 13, 2005
1,077
US
I have 3 questions...

1. Right now (we have a new domain) we do not have ANY password policy on our accounts, because most of our network resources are behind Netware. This will soon go away. If i turn on a password policy (passwords expiring ever 90 days) will exisiting passwords be effected by that policy, or only when they change their password?

2. Can I have different password policies for different OU's, or does my entire domain have to have the same one?

3. Also - why is the user password policy in the computer section of group policy. Shouldn't it be in the user section, since it has nothing to do with computer accounts?
 
Sort by date Sort by votes
My thoughts:
1) If you turn on the policy it will give those passwords 90 days before expiring. At least thats what I think, it may make them all change their passwords if they are older than 90 days, but either way all passwords will be affected.

2) This has to do with how you set up group policy. If you make the policy for the entire domain it will affect all of the accounts unless you have 'block inheritance' on an OU or something.
You can set different policies for different OUs, block inheritance for certain OUs, or just let it filter down to all of the OUs by setting a policy on the entire domain and then clicking 'enforce policy'

3) I dont know. I just poke around in there and find the policies, I dont actually bother to look where they live.
 
Upvote 0 Downvote
The Answer too the first two are easy answers.
1) If you create a domain password policy to effect all OU's then every user will be affected by the policy. (Don't Do it, See answer #2

2) You can have a different Password Policy Per OU. so if your Accounts need to change there passwords every 7 days then create a GPO assign it to that OU and make that policy force a change every 7 days, Where as your Artist need to change there passwords every 30 days then the OU Will have those characteristics.

When you create a new domain on windows 2003 i am finding that the default Domain Policy is very tight, Has to be 7 charters, Must be Special Charters, Cant repeat, cant be blank. I also found the easiest way to change that is to go to start|Run type GPEdit.msc and then turn off those features from there.

3) This would be a question for the developers at Microsoft. Sorry.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
110
strongm
strongm
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
143
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
110
TECHMAN007
TECHMAN007
rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
191
rrmcguire
rrmcguire
RdFromK
  • Locked
  • Question
GroupPolicy error 1065 with Windows SBS CSE Policy
Replies
2
Views
204
RdFromK
RdFromK

Part and Inventory Search

Sponsor

Back
Top