Problem with Password Policy

G

Guest

I am new to AD this is what i have setup. I have a single domain and i have 2
DC both running Windows 2000 Server sp4. I have about 10 different OU. Inside
the OU i have the users no Groups. I have created a GPO for the OU's in the
domain. The changes that i make to the GPO that is assigned to all of the
OU's will all work. I have assigned a background and other stuff like that i
am really just getting started. This is where i have run into a little
problem and i need some help. I tried to set some complexity requirements for
the passwords i wanted them to have to meet the complexity requirements with
a length of 6 charecters. Well it didnt work they can enter any password that
they would like even no password. Why did this not work i applied it to the
same GPO that i have made all the other changes to but this time it didnt
work. I have noticed that there are a couple fo places that these changes
could be made and none of them work. I tried it on the default GPO for the
domain controller and the domain security policy. Nothing has worked so far.
Any help would be much appreciated.
 
N

Norbert Fehlauer [MVP]

Dave Johnson wrote:
Hi,
getting started. This is where i have run into a little problem and i
need some help. I tried to set some complexity requirements for the
passwords i wanted them to have to meet the complexity requirements
with a length of 6 charecters.
Click to expand...

Password complexity and other password polices can only be set at
domainlevel. (for instance Default Domain Policy)
to but this time it didnt work.
Click to expand...

See above.

HTH
Norbert
 
H

Harj

Hi,

Setting up a password policy and linking it anywhere except the default
level will only affect the local accounts. Only one password policy
allowed in a domain. You can create your own password filter which
would require extensive programming experience.

http://msdn.microsoft.com/library/d...y/en-us/secmgmt/security/password_filters.asp

There are third party vendors that have software that allows multiple
password policies within a single domain, one being called SpecOps
Password Policy.You can link policies to a user, computer, or a
particular OU.
With this you can configure how many upper, lower, special characters
are required as well as how many digits are required.
One other large benifit is that you can also control the password age
per policy. All of this without a third party GINA, schema extensions,
background services running.
More information can be found at the following link

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Harj Singh
Password Policy done right
www.specopssoft.com
 
D

Darren Mar-Elia \(MVP\)

Harj-
Go easy on the product pitching. That's two posts in a row where you're
pitching your products. We all appreciate knowing that there are 3rd party
solutions out there but there are lots of other solutions to these two
problems. Being helpful is pointing them all out :)

Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
And, the Windows Group Policy Guide is out from Microsoft Press!!! Check it
out at http://www.microsoft.com/mspress/books/8763.asp
GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy



Harj said:
Hi,

Setting up a password policy and linking it anywhere except the default
level will only affect the local accounts. Only one password policy
allowed in a domain. You can create your own password filter which
would require extensive programming experience.

http://msdn.microsoft.com/library/d...y/en-us/secmgmt/security/password_filters.asp

There are third party vendors that have software that allows multiple
password policies within a single domain, one being called SpecOps
Password Policy.You can link policies to a user, computer, or a
particular OU.
With this you can configure how many upper, lower, special characters
are required as well as how many digits are required.
One other large benifit is that you can also control the password age
per policy. All of this without a third party GINA, schema extensions,
background services running.
More information can be found at the following link

http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp

Harj Singh
Password Policy done right
www.specopssoft.com
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password Policy revisited 3
Win2k group policy problem 2
Password policy not enforced 1
Block Policy Inheritance not working as anticipated 4
GPO Password Policy is applied but not working 4
Assistance Please - Policy Order Doesn't Seem To Work Out Right. 1
Group Policy Not Being Applied?? 11
GPO won't apply "Password Policy" to DC 2

Top