• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 210
  • Last Modified:

Password Policy or Enforcement

Dear Experts,

I have a 2003 AD: simple one office 30 users.  I want to force all of the users to create a strong password such as 8 charachters, one upper case one number and one special character thing.  I am finding all kinds of information on this.  I was hoping this would be fairly easy to do and apply to each OU that I wanted.  Can anyone direct me or give me the steps to set this up?

Thanks
0
Reginald Meyer
Asked:
Reginald Meyer
  • 3
  • 3
1 Solution
 
oBdACommented:
You can enforce complex passwords, but you can only have one password policy per domain, and it has to be linked to the domain root; you can't apply domain password policies to OUs (password policies defined in an OU will only apply to *local* accounts on machines in that OU).

Step-by-Step Guide to Enforcing Strong Password Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
0
 
Reginald MeyerAuthor Commented:
I have this article and I am trying to make sense of it.  If I go to group policy object editor for the domain and change the password policy settings under security it should force the next user that I mark for a password change to apply the change?
0
 
Netman66Commented:
I think that Security entry you're using is actually the Default Domain Controller Policy - it needs to be in the Default Domain Policy.

0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
oBdACommented:
You can define the password policy in any GPO that is linked to the domain root, as explained in the article; Microsoft recommends to leave the Default Domain Policy and create additional GPOs.
The policy will be effective the next time a domain user changes his password.
0
 
Reginald MeyerAuthor Commented:
Very good.  I am going to give this a go tonight.  Thanks
0
 
Reginald MeyerAuthor Commented:
I cannot get this to work.  I cannot seem to get it to enforce even the simplest thing 8 characters. I have gone into the group policy for the domain and then into the machine policy and I have added a policy called complex password policy.  I changed the settings for the password policy and then moved it up above the default group poicy for the domain.  I have checked the OU's and made sure the GPO for those are set to "not defined" and still it does not enforce the perameters when I tell it to change a users password?

Do you have any suggestions.
0
 
oBdACommented:
On the DCs, open a command prompt and enter
gpupdate /force
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now