Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Enforcing password policy

Posted on 2007-11-30
8
Medium Priority
?
1,000 Views
Last Modified: 2012-05-05
I am trying to enforce a GPO password policy for all our domain users, and would prefer to implement this on individual user OU's. I changed the Default Domain Policy by going to Computer Configuration -> Workstation Settings -> Security Settings -> Account Policies -> Password Policy. My changes including password complexity worked, however, only at the computer level i.e. local accounts. How do I enforce a password policy at the domain level so it applies to specific domain users?
0
Comment
Question by:qwert5905
6 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 1000 total points
ID: 20385822
You cant - the password policy (and account policy) can only be applied at the domain level - not at the OU.
0
 
LVL 5

Expert Comment

by:Engineer_JO
ID: 20385864
yes you can't implement the password policy on user or OU level. you can implement it on domain level.

Best Luck
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20385896
... to expand on my first commenr -  in windows 2000 and 2003 the same password and account policies must be applied at the domain and applies throughout the domain - you cannot have a different polict for different users, groups or OUs.

In Windows 2008 (due soon), the ability to have different policies on OUs has been added.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:qwert5905
ID: 20386201
Thanks for everyone's comments. So, why is the password policy updating the local computer policy and not affecting the network user accounts? I understand that the I've made changes to the Computer Configuration, which affects computers, however, why is this password policy modifed on the Default Domain Policy not enforced when I force password changes on network accounts?
Chris
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20386217
In a domain the domain policy takes presidence over the local policy, the domain policy will apply to domain accounts.

To force the policy to update after immediately you need to run GPUPDATE /force from the run option
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1000 total points
ID: 20386653
To clarify what's been said so far:

1)  Password Policies affect Network (Domain) logons when set in the Default Domain Policy.
2)  You can only have one Password Policy per domain in Server 2003 (and 2000).
3)  Setting Password Policies at the OU level affect ONLY local accounts on the workstations.
4)  Once the Domain Policy has been modified, the password policy only takes effect for new accounts, password resets when passwords expires.  It does not take effect until such time.

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question