Passwords again!!

[schtek]

ok here is my situation!!

junior/infant schools: try telling a 4-7 year old to write his name remember his "password" 5 out of 30 can do it!!

So as i had no outside links behind a massive FW i had no need to have grand policies on Pw i turned it off then told the teachers to change there passwords to 5 or more letters/numbers... the children had no password.

Situation change going to allow vpn on the domain, i need to enforce pw policies.. if i switch it back on it will not allow blank passwords <--- kids

How can i switch it back on with blank passwords set or
allowed by group/ou to control certain passwords.. (teachers)

I have already looked at the microsoft links

many thanks

"Practice makes Perfect"
("la pratique rend parfait")
CPO rt'd RN
Football World Cup Winners 1966
Rugby World cup Winners 2003
WRC Finalists 2007

 

[pagy]

If I understand you correctly you want to separate password policies for teachers and kids, is that correct??

In short with Windows 2003 you can't do this by group or ou (I know, rubbish isn't it), you need Windows 2008 for that ability!!!!

Password policies are domain wide so you would need another domain in your forest for a separate password policy. (I know great isn't it)

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[LawnBoy]

The kids could all use the same, simple password that never expires... Tape the p/w to the monitors the kids use, it's no less secure than no p/w.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[schtek]

Yes i thought this, as all the post in here have been saying the same thing over the years!!

Its not the kids im worried about its the T's need i say much more!! i have heard some of the password used not to impressed with the fountain of knowledge they are supposed to have...

So what you are saying if i make it complexed and 10 caracters does that mean the kids ones have got to be the same lengh ???

"Practice makes Perfect"
("la pratique rend parfait")
CPO rt'd RN
Football World Cup Winners 1966
Rugby World cup Winners 2003
WRC Finalists 2007

 

[LawnBoy]

I'm afraid so.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[kmills]

schtek,

When we instituted a complex password policy, it did not affect existing passwords, just new ones. So, as long as those blank passwords or other passwords aren't changed, they should continue to work.

Good luck with the teachers!

kmills

 

[schtek]

i wonder if this is a clue to what i need:


It is a best practice to avoid modifying these built-in GPOs. If you need to apply password policy settings that diverge from the default settings, you should create a new GPO instead and link it to the root container for the domain, or to the Domain Controllers OU and assign it a higher priority than the built-in GPO. If two GPOs that have conflicting settings are linked to the same container, the one with higher priority takes precedence.

http://www.microsoft.com/technet/pr...ctory/activedirectory/stepbystep/strngpw.mspx

I'll try and get back to you all.....

"Practice makes Perfect"
("la pratique rend parfait")
CPO rt'd RN
Football World Cup Winners 1966
Rugby World cup Winners 2003
WRC Finalists 2007

 

[ison67]

Yes, you can make two different policy for passwords. You will have to link them to the users. Let me know if the link you found don't work and I'll try to help.

Good luck,
DJ