sysdj
asked on
Different Password Requirements for admin and users
Can you setup different password requirements for the admin group and user groups. Such as:
Admin Passwords
Must meet at least 3 out of the 4 requirements for quality:
1) at least (1) lower case letter
2) at least (1) upper case letter
3) at least (1) number
4) at least (1) special character (#,*, =, etc.)
User Passwords
Must meet at least 2 out of the 4 requirements for quality:
1) at least (1) lower case letter
2) at least (1) upper case letter
3) at least (1) number
4) at least (1) special character (#,*, =, etc.)
If so, how woulf you implement the police?
Thanks
Admin Passwords
Must meet at least 3 out of the 4 requirements for quality:
1) at least (1) lower case letter
2) at least (1) upper case letter
3) at least (1) number
4) at least (1) special character (#,*, =, etc.)
User Passwords
Must meet at least 2 out of the 4 requirements for quality:
1) at least (1) lower case letter
2) at least (1) upper case letter
3) at least (1) number
4) at least (1) special character (#,*, =, etc.)
If so, how woulf you implement the police?
Thanks
the settings are under computer configuration->windows settings->security settings->account policies->password policy->
enable minimum password length AND password must meet complexity requirements
info:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
enable minimum password length AND password must meet complexity requirements
info:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
ASKER
I just didn't want to move them to another OU. But if I have to I will. I assume there is not other way to do this?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To avoid misunderstandings: the "Not with the standard Microsoft possibilities." was referring to "Can you setup different password requirements for the admin group and user groups.", not to "I assume there is not other way to do this?"
You can NOT use OUs to do what you're planning; note the following part in the Guide above: "There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, [...]"
You can NOT use OUs to do what you're planning; note the following part in the Guide above: "There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, [...]"
0bda thanks for catching that, I was thinking of local policy...By using those settings though you do accomplish what you want to do. The complexity requirement means the password must meet these:
• The password is at least six characters long.
• The password contains characters from at least three of the following five categories:
• English uppercase characters (A - Z)
• English lowercase characters (a - z)
• Base 10 digits (0 - 9)
• Non-alphanumeric (for example: !, $, #, or %)
• Unicode characters
• The password does not contain three or more characters from the user's account name.
• The password is at least six characters long.
• The password contains characters from at least three of the following five categories:
• English uppercase characters (A - Z)
• English lowercase characters (a - z)
• Base 10 digits (0 - 9)
• Non-alphanumeric (for example: !, $, #, or %)
• Unicode characters
• The password does not contain three or more characters from the user's account name.
Download the group policy manager:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en