
Domain Policy and Locking workstations

Posted on 2007-04-10
Last Modified: 2008-02-20
In Windows 2003 Server, where do I define password length, history age, etc.? Is it under Domain Controller Security Policy or Domain Security Policy, and what is the difference?
Also, how in AD can I force all workstations that log in to the domain so that their machine will lock after, say, 90 minutes of inactivity? I don't want users to be able to override this at their desktop.
0
Question by:donaljcox
7 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 260 total points
ID: 18882478
You will define password policies at the domain level, not in the Domain Controllers OU.

You can configure workstations to lock after a period of inactivity by configuring the Administrative Templates\Control Panel\Display\Password Protect the Screen saver settings. You can prevent users from changing this by also enabling the Administrative Templates\Control Panel\Display\Hide Screen Saver Tab setting.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 29

Accepted Solution

by:
Michael Pfister earned 240 total points
ID: 18882520
"Domain Controller Security Policy" applies to your domain controllers
"Domain Security Policy" applies to your workstations and member servers, NOT the domain controllers

You need to create a policy and set

User -> Administrative Templates -> Control Panel -> Display

Set "Screen Saver" to enabled
Set "Screen Saver executable name" to i.e. logon.scr
Set "Password protect screen saver" to enabled
Set "Screen saver timeout" to 5400

If you like, also enable "Hide screen saver tab" to prevent users from changing this setting (anyway when the GPO is applied, it will be set again).

Hope it helps,

Michael




0
 
LVL 29

Assisted Solution

by:Michael Pfister
Michael Pfister earned 240 total points
ID: 18882526
2l8 :-)
0
 

Author Comment

by:donaljcox
ID: 18882555
OK, but I don't want to go around each machine to do this. I do this centrally and which MMC do I run?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 260 total points
ID: 18882582
The point of Group Policy is that you configure the setting once in a GPO, then link that GPO to the OU containing your workstations.

Use the Group Policy Management Console (GPMC) from a DC or your administrative workstation to create and link the GPO; simply right-click on the OU containing your workstations and select "Create and link a new GPO here."

If you do not have the GPMC installed, it is a free download available here: http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887

To configure a password policy, right-click on your Default Domain Policy and click "Edit."  (You can configure the screensaver settings in that GPO as well, but then they will apply to every single workstation and server in your whole environment which may not be what you want.)
0
 

Author Comment

by:donaljcox
ID: 18882905
I have tried to link a policy to the OU for the screen saver lockdown, but this does not work; I have even rebooted the machine. I can see that the policy is linked to the OU. Is there something I need to do so that the policy is applied?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 260 total points
ID: 18882959
Are the user accounts contained in the OU that you've linked the GPO to as well?

You can use the Resultant Set of Policy wizard in the GPMC to get a report of which GPOs are being applied to a particular user/computer combination, and if there are any GPOs that are not being applied for any reason. The following tutorial will walk you through RSoP if you're unfamiliar with it: http://www.windowsecurity.com/articles/Generating-Resultant-Set-Policy-Queries.html
0
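
The following check is an added example, not part of any post in this thread. It verifies on a workstation whether the screen saver lock settings listed in the accepted answer actually reached the logged-on user, which is the question the RSoP step above is trying to answer. The registry value names are not given in the thread; they are the values these User Configuration templates write under HKCU, and the variable and function names are illustrative.

```powershell
# Added example (read-only): run it in the session of the user being checked.
$ExpectedTimeout = '5400'   # seconds = 90 minutes, the value set in the GPO

# User Configuration templates write to the Policies branches of HKCU.
$Desktop = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$System  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Want = $null means "any non-empty value is acceptable".
$Checks = @(
    @{ Setting = 'Screen Saver';                  Path = $Desktop; Name = 'ScreenSaveActive';    Want = '1';              Required = $true  },
    @{ Setting = 'Screen Saver executable name';  Path = $Desktop; Name = 'SCRNSAVE.EXE';        Want = $null;            Required = $true  },
    @{ Setting = 'Password protect screen saver'; Path = $Desktop; Name = 'ScreenSaverIsSecure'; Want = '1';              Required = $true  },
    @{ Setting = 'Screen saver timeout';          Path = $Desktop; Name = 'ScreenSaveTimeOut';   Want = $ExpectedTimeout; Required = $true  },
    @{ Setting = 'Hide Screen Saver tab';         Path = $System;  Name = 'NoDispScrSavPage';    Want = '1';              Required = $false }
)

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$Results = foreach ($c in $Checks) {
    $actual = Get-PolicyValue $c.Path $c.Name
    if ($null -eq $actual)     { $ok = $false }                  # policy value never written
    elseif ($null -eq $c.Want) { $ok = ("$actual" -ne '') }      # any executable name
    else                       { $ok = ("$actual" -eq $c.Want) } # exact match
    New-Object PSObject -Property @{
        Setting   = $c.Setting
        Value     = $c.Name
        Actual    = $actual
        Required  = $c.Required
        Compliant = $ok
    }
}

$Results | Format-Table Setting, Value, Actual, Required, Compliant -AutoSize

$Failed = @($Results | Where-Object { $_.Required -and -not $_.Compliant })
if ($Failed.Count -gt 0) {
    # These are per-user settings: check that the GPO is in scope for the
    # user account, not only for the computer account.
    Write-Warning ("{0} required setting(s) missing or wrong; run gpresult as this user to see which GPOs applied." -f $Failed.Count)
} else {
    Write-Output 'Screen saver lock policy is applied for this user.'
}
```

An empty `Actual` column for every row means no GPO carrying these settings was applied to the user, as opposed to one applied with different values.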
