?
Solved

Creating a Password Policy

Posted on 2009-02-12
9
Medium Priority
?
354 Views
Last Modified: 2012-08-13
i need to create a password policy on a win2003 DC. ONe domain and Many OU where users resides. We have 1 DC in our Lan AND 2 dc on WAN.
I want the password to be 8 in lenth, and 1 special character with number and letter.
plus i need a lock out policy.
Please i need steps great a i can get start.. if pictures much better.
Thanks a lot,
0
Comment
Question by:Faustinoeltino
9 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 23623263
This should be in your Default Domain Policy
PWGPO.bmp
0
 

Author Comment

by:Faustinoeltino
ID: 23623411
Great!
I will change the length to 8 character minimum. Alpha Numeric.
I have already Users wiht passwords such as :  "chicken"   for example. Created in the past which we never enforce a password policy.
How this is going to affect them?? Do they will be ask to change their password after log off or reboot of there pc? Does anybody know abou this question?
Thanks a lot,
0
 
LVL 18

Expert Comment

by:Americom
ID: 23623694
no, it will not affect them until their password expired(depending whatever number you set in the GPO).
No worry.
Here's some more info:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_23964878.html
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:Faustinoeltino
ID: 23623837
In each User Properties in ADUC
i have the user to : users can not change password and Password never expired.
That should be enough to let these users not to change their password even if they do not meet these requirements correct?
0
 

Author Comment

by:Faustinoeltino
ID: 23623843
what i meant by requirements (New Password Policy)
0
 
LVL 10

Expert Comment

by:Tyler Laczko
ID: 23623885
you can allow them to change their passwords. whenever they do they will need to meet the Password Policy. It is recommended to let users change their passwords whenever they want.
You will want to check make user change password at next login this way they will need to change their password to one that meets the requirements that you just set.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 23623986
If you have passwords never expire then they will never have to change their passwords becasue they won't expire.
 
0
 

Author Comment

by:Faustinoeltino
ID: 23624000
i will not be able to do it (change user passwords manually) right away after the implementation since too many users. and I want couple users to keep with their old password. I just want to implement password complexity and length, no aging. will this be suficient so some users can keep their old password correct?
0
 
LVL 18

Accepted Solution

by:
Americom earned 1000 total points
ID: 23624023
FaustinoeItino:
you are correct if you check password never expire, they will not need to change password
But this not recommended for security reason

ProfessionalComputersolutions is correct about letting user to change password anytime they want.
If a user think that their password has expose to someone else and would like to change password, he or she should be able to without call the helpdesk and they probably won't want to share the password with helpdesk. So, it should be allowed. Unless you are just afraid that they may change password and run into the problem with complexity password requirement. Yes, this is correct, thre should be some training on users what complexity password requirement is for and how it is used.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question