Solved

Enforcing password policy

Posted on 2007-11-30
8
983 Views
Last Modified: 2012-05-05
I am trying to enforce a GPO password policy for all our domain users, and would prefer to implement this on individual user OU's. I changed the Default Domain Policy by going to Computer Configuration -> Workstation Settings -> Security Settings -> Account Policies -> Password Policy. My changes including password complexity worked, however, only at the computer level i.e. local accounts. How do I enforce a password policy at the domain level so it applies to specific domain users?
0
Comment
Question by:qwert5905
8 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 20385822
You cant - the password policy (and account policy) can only be applied at the domain level - not at the OU.
0
 
LVL 5

Expert Comment

by:Engineer_JO
ID: 20385864
yes you can't implement the password policy on user or OU level. you can implement it on domain level.

Best Luck
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20385896
... to expand on my first commenr -  in windows 2000 and 2003 the same password and account policies must be applied at the domain and applies throughout the domain - you cannot have a different polict for different users, groups or OUs.

In Windows 2008 (due soon), the ability to have different policies on OUs has been added.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:qwert5905
ID: 20386201
Thanks for everyone's comments. So, why is the password policy updating the local computer policy and not affecting the network user accounts? I understand that the I've made changes to the Computer Configuration, which affects computers, however, why is this password policy modifed on the Default Domain Policy not enforced when I force password changes on network accounts?
Chris
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20386217
In a domain the domain policy takes presidence over the local policy, the domain policy will apply to domain accounts.

To force the policy to update after immediately you need to run GPUPDATE /force from the run option
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 20386653
To clarify what's been said so far:

1)  Password Policies affect Network (Domain) logons when set in the Default Domain Policy.
2)  You can only have one Password Policy per domain in Server 2003 (and 2000).
3)  Setting Password Policies at the OU level affect ONLY local accounts on the workstations.
4)  Once the Domain Policy has been modified, the password policy only takes effect for new accounts, password resets when passwords expires.  It does not take effect until such time.

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now