Solved

Trying to implement password policy

Posted on 2004-07-30
4
227 Views
Last Modified: 2013-12-04
I am running windows 2000 server and i would like to implement a password policy, everything i have tried has not worked.  I have a couple different group policies set up at the domain level, not as individual OU's. Do i set it up under group policy? This is what I would like done:

Minimum 8 characters
6 passwords remembered
Expires after 90 days


also, i would like to have them locked out after 3 invalid attempts.....there is already lockout policy in place, but I don’t know how it got there, I was messing around with it in several areas and it worked, but I would like to know where its working...

1 last question, when changes are made to the DC such as a password  or lockout policy, do they take effect immediately?
0
Comment
Question by:jasonfarmer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 11679953
You can only define a password policy in the default domain policy; you can't divide this by groups and OUs as other policies. Password policies can be set on domain level only.
They take effect "sort of" immediately. A lockout policy takes place immediately, a password policy takes place the next time the user logs on (in case of a password expiration change, if his password is too old) or tries to change his password.
With a third-party tool, you can define password policies independently from the Microsoft policies, and then several different ones and for groups as well,
Password Policy Enforcer: Overview
http://www.anixis.com/products/ppe/default.htm
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11681005

OBDA

what if I go into AD and click the box for "change password at next logon" and then implement the new password policy, will it take effect the next time they logon?


when you say i must do it in the default domain policy, you mean got to my domain in AD, right click, properties, group policy tab? assuming thats what you are talking about, should default domain policy be listed 1st (i have it listed 5th)? because as you know, the higher it is on that list the higher the priority. should i enforce the policy on default domain policy and move it to first on the list? if so, what will that do to my current group policies?
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 11681750
The policies will be effective immediately; so as soon as you force them to change the password and they try to logon the next time, their new password will have to comlpy with the settings.
It shouldn't really matter at which priority you have it; simply define it at domain level. What I would recommend, though, is to create different OUs, move your users and workstations under there and define policies there.
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11867309
please close this, i found the answer to this question on my own
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question