Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

Password policy on Windows2000 domain

On Win2000 domain, how to change and enforce password policies?  On the domain security policy, the setting is 42 days for maximum password age, but most of the passwords are older than that, and there is no prompt to users to change it.  How do I make it enforce the policies on password age, complexity, etc.  Also, how can I monitor all domain users to see if they are meeting the password policies?

Thanks
0
maharlika
Asked:
maharlika
2 Solutions
 
Rich RumbleSecurity SamuraiCommented:
Acitve directory or NT style domains?
Here is AD http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
here is NT style http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/acctpol/w2kadm07.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q161990 (passfilt was included in win2k)

Once these policies are in place, the Domain controllers will enforce it, they can tell if the password meets with the minimum requirments. You will probably want to force everyone to change their pass at next login to make sure it gets done.

keep in mind --> http://support.microsoft.com/kb/320325/EN-US/
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/netmgmt/forcing_a_user_to_change_the_logon_password.asp
-rich
0
 
bboy77Commented:
Use somarasoft's dumpsec program to find out what the effective group policy settings like you password policy is. You can create a report that shows the effective password policy on all your user.
http://www.somarsoft.com/

You can also use Microsoft's gpresult.exe tool to find out effective permissions.
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp


There are lots of variables as to why your domain policy is not the effective policy for your clients. First question to ask might be, do you have any other GPO in place in your domain?
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now