Solved

Trying to implement password policy

Posted on 2004-07-30
4
208 Views
Last Modified: 2013-12-04
I am running windows 2000 server and i would like to implement a password policy, everything i have tried has not worked.  I have a couple different group policies set up at the domain level, not as individual OU's. Do i set it up under group policy? This is what I would like done:

Minimum 8 characters
6 passwords remembered
Expires after 90 days


also, i would like to have them locked out after 3 invalid attempts.....there is already lockout policy in place, but I don’t know how it got there, I was messing around with it in several areas and it worked, but I would like to know where its working...

1 last question, when changes are made to the DC such as a password  or lockout policy, do they take effect immediately?
0
Comment
Question by:jasonfarmer
  • 2
  • 2
4 Comments
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
You can only define a password policy in the default domain policy; you can't divide this by groups and OUs as other policies. Password policies can be set on domain level only.
They take effect "sort of" immediately. A lockout policy takes place immediately, a password policy takes place the next time the user logs on (in case of a password expiration change, if his password is too old) or tries to change his password.
With a third-party tool, you can define password policies independently from the Microsoft policies, and then several different ones and for groups as well,
Password Policy Enforcer: Overview
http://www.anixis.com/products/ppe/default.htm
0
 
LVL 3

Author Comment

by:jasonfarmer
Comment Utility

OBDA

what if I go into AD and click the box for "change password at next logon" and then implement the new password policy, will it take effect the next time they logon?


when you say i must do it in the default domain policy, you mean got to my domain in AD, right click, properties, group policy tab? assuming thats what you are talking about, should default domain policy be listed 1st (i have it listed 5th)? because as you know, the higher it is on that list the higher the priority. should i enforce the policy on default domain policy and move it to first on the list? if so, what will that do to my current group policies?
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
The policies will be effective immediately; so as soon as you force them to change the password and they try to logon the next time, their new password will have to comlpy with the settings.
It shouldn't really matter at which priority you have it; simply define it at domain level. What I would recommend, though, is to create different OUs, move your users and workstations under there and define policies there.
0
 
LVL 3

Author Comment

by:jasonfarmer
Comment Utility
please close this, i found the answer to this question on my own
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
OfficeMate Freezes on login or does not load after login credentials are input.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now