Solved

Trying to implement password policy

Posted on 2004-07-30
4
212 Views
Last Modified: 2013-12-04
I am running windows 2000 server and i would like to implement a password policy, everything i have tried has not worked.  I have a couple different group policies set up at the domain level, not as individual OU's. Do i set it up under group policy? This is what I would like done:

Minimum 8 characters
6 passwords remembered
Expires after 90 days


also, i would like to have them locked out after 3 invalid attempts.....there is already lockout policy in place, but I don’t know how it got there, I was messing around with it in several areas and it worked, but I would like to know where its working...

1 last question, when changes are made to the DC such as a password  or lockout policy, do they take effect immediately?
0
Comment
Question by:jasonfarmer
  • 2
  • 2
4 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 11679953
You can only define a password policy in the default domain policy; you can't divide this by groups and OUs as other policies. Password policies can be set on domain level only.
They take effect "sort of" immediately. A lockout policy takes place immediately, a password policy takes place the next time the user logs on (in case of a password expiration change, if his password is too old) or tries to change his password.
With a third-party tool, you can define password policies independently from the Microsoft policies, and then several different ones and for groups as well,
Password Policy Enforcer: Overview
http://www.anixis.com/products/ppe/default.htm
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11681005

OBDA

what if I go into AD and click the box for "change password at next logon" and then implement the new password policy, will it take effect the next time they logon?


when you say i must do it in the default domain policy, you mean got to my domain in AD, right click, properties, group policy tab? assuming thats what you are talking about, should default domain policy be listed 1st (i have it listed 5th)? because as you know, the higher it is on that list the higher the priority. should i enforce the policy on default domain policy and move it to first on the list? if so, what will that do to my current group policies?
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 11681750
The policies will be effective immediately; so as soon as you force them to change the password and they try to logon the next time, their new password will have to comlpy with the settings.
It shouldn't really matter at which priority you have it; simply define it at domain level. What I would recommend, though, is to create different OUs, move your users and workstations under there and define policies there.
0
 
LVL 3

Author Comment

by:jasonfarmer
ID: 11867309
please close this, i found the answer to this question on my own
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now