Solved

Trying to implement password policy

Posted on 2004-07-30
4
233 Views
Last Modified: 2013-12-04
I am running windows 2000 server and i would like to implement a password policy, everything i have tried has not worked.  I have a couple different group policies set up at the domain level, not as individual OU's. Do i set it up under group policy? This is what I would like done:

Minimum 8 characters
6 passwords remembered
Expires after 90 days


also, i would like to have them locked out after 3 invalid attempts.....there is already lockout policy in place, but I don’t know how it got there, I was messing around with it in several areas and it worked, but I would like to know where its working...

1 last question, when changes are made to the DC such as a password  or lockout policy, do they take effect immediately?
0
Comment
Question by:jasonfarmer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 11679953
You can only define a password policy in the default domain policy; you can't divide this by groups and OUs as other policies. Password policies can be set on domain level only.
They take effect "sort of" immediately. A lockout policy takes place immediately, a password policy takes place the next time the user logs on (in case of a password expiration change, if his password is too old) or tries to change his password.
With a third-party tool, you can define password policies independently from the Microsoft policies, and then several different ones and for groups as well,
Password Policy Enforcer: Overview
http://www.anixis.com/products/ppe/default.htm
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11681005

OBDA

what if I go into AD and click the box for "change password at next logon" and then implement the new password policy, will it take effect the next time they logon?


when you say i must do it in the default domain policy, you mean got to my domain in AD, right click, properties, group policy tab? assuming thats what you are talking about, should default domain policy be listed 1st (i have it listed 5th)? because as you know, the higher it is on that list the higher the priority. should i enforce the policy on default domain policy and move it to first on the list? if so, what will that do to my current group policies?
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 11681750
The policies will be effective immediately; so as soon as you force them to change the password and they try to logon the next time, their new password will have to comlpy with the settings.
It shouldn't really matter at which priority you have it; simply define it at domain level. What I would recommend, though, is to create different OUs, move your users and workstations under there and define policies there.
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11867309
please close this, i found the answer to this question on my own
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question