We help IT Professionals succeed at work.

Different Password Requirements for admin and users

sysdj
sysdj asked
on
230 Views
Last Modified: 2010-04-18
Can you setup different password requirements for the admin group and user groups.  Such as:
Admin Passwords
Must meet at least 3 out of the 4 requirements for quality:
                     1) at least (1) lower case letter
                     2) at least (1) upper case letter
                     3) at least (1) number
                     4) at least (1) special character (#,*, =, etc.)
User Passwords
Must meet at least 2 out of the 4 requirements for quality:
                     1) at least (1) lower case letter
                     2) at least (1) upper case letter
                     3) at least (1) number
                     4) at least (1) special character (#,*, =, etc.)
If so, how woulf you implement the police?
Thanks
Comment
Watch Question

Commented:
If your using active directory you can put the users in a seperate OU and the Administrator in its own OU.  Then apply seperate Group Policies to each OU.

Download the group policy manager:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Commented:
the settings are under computer configuration->windows settings->security settings->account policies->password policy->

enable minimum password length AND password must meet complexity requirements

info:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx

Author

Commented:
I just didn't want to move them to another OU.  But if I have to I will.  I assume there is not other way to do this?
Thanks
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
To avoid misunderstandings: the "Not with the standard Microsoft possibilities." was referring to "Can you setup different password requirements for the admin group and user groups.", not to "I assume there is not other way to do this?"
You can NOT use OUs to do what you're planning; note the following part in the Guide above: "There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, [...]"

Commented:
0bda thanks for catching that, I was thinking of local policy...By using those settings though you do accomplish what you want to do.  The complexity requirement means the password must meet these:

• The password is at least six characters long.

 • The password contains characters from at least three of the following five categories:
• English uppercase characters (A - Z)
• English lowercase characters (a - z)
• Base 10 digits (0 - 9)
• Non-alphanumeric (for example: !, $, #, or %)
• Unicode characters
• The password does not contain three or more characters from the user's account name.

 
 

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.