?
Solved

Trying to implement password policy

Posted on 2004-07-30
4
Medium Priority
?
237 Views
Last Modified: 2013-12-04
I am running windows 2000 server and i would like to implement a password policy, everything i have tried has not worked.  I have a couple different group policies set up at the domain level, not as individual OU's. Do i set it up under group policy? This is what I would like done:

Minimum 8 characters
6 passwords remembered
Expires after 90 days


also, i would like to have them locked out after 3 invalid attempts.....there is already lockout policy in place, but I don’t know how it got there, I was messing around with it in several areas and it worked, but I would like to know where its working...

1 last question, when changes are made to the DC such as a password  or lockout policy, do they take effect immediately?
0
Comment
Question by:jasonfarmer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 11679953
You can only define a password policy in the default domain policy; you can't divide this by groups and OUs as other policies. Password policies can be set on domain level only.
They take effect "sort of" immediately. A lockout policy takes place immediately, a password policy takes place the next time the user logs on (in case of a password expiration change, if his password is too old) or tries to change his password.
With a third-party tool, you can define password policies independently from the Microsoft policies, and then several different ones and for groups as well,
Password Policy Enforcer: Overview
http://www.anixis.com/products/ppe/default.htm
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11681005

OBDA

what if I go into AD and click the box for "change password at next logon" and then implement the new password policy, will it take effect the next time they logon?


when you say i must do it in the default domain policy, you mean got to my domain in AD, right click, properties, group policy tab? assuming thats what you are talking about, should default domain policy be listed 1st (i have it listed 5th)? because as you know, the higher it is on that list the higher the priority. should i enforce the policy on default domain policy and move it to first on the list? if so, what will that do to my current group policies?
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 11681750
The policies will be effective immediately; so as soon as you force them to change the password and they try to logon the next time, their new password will have to comlpy with the settings.
It shouldn't really matter at which priority you have it; simply define it at domain level. What I would recommend, though, is to create different OUs, move your users and workstations under there and define policies there.
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11867309
please close this, i found the answer to this question on my own
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question