asked on

Password Policy or Enforcement

Dear Experts,

I have a 2003 AD: simple one office 30 users. I want to force all of the users to create a strong password such as 8 charachters, one upper case one number and one special character thing. I am finding all kinds of information on this. I was hoping this would be fairly easy to do and apply to each OU that I wanted. Can anyone direct me or give me the steps to set this up?

Thanks

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Reginald Meyer

ASKER

I have this article and I am trying to make sense of it. If I go to group policy object editor for the domain and change the password policy settings under security it should force the next user that I mark for a password change to apply the change?

Netman66

I think that Security entry you're using is actually the Default Domain Controller Policy - it needs to be in the Default Domain Policy.

oBdA

You can define the password policy in any GPO that is linked to the domain root, as explained in the article; Microsoft recommends to leave the Default Domain Policy and create additional GPOs.
The policy will be effective the next time a domain user changes his password.

Reginald Meyer

ASKER

Very good. I am going to give this a go tonight. Thanks

Reginald Meyer

ASKER

I cannot get this to work. I cannot seem to get it to enforce even the simplest thing 8 characters. I have gone into the group policy for the domain and then into the machine policy and I have added a policy called complex password policy. I changed the settings for the password policy and then moved it up above the default group poicy for the domain. I have checked the OU's and made sure the GPO for those are set to "not defined" and still it does not enforce the perameters when I tell it to change a users password?

Do you have any suggestions.

oBdA

On the DCs, open a command prompt and enter
gpupdate /force