How to deploy password policy



I need to set up a password policy in my company and have never done this in
AD. All I need to do is say everyone needs a password of 6 characters or more
and it expires every 45 days and cannot use the same password more than once in
6 chances.

I know it is in Group Policies that this must be done and in Comp Conf, Win
Settings, Security Settings, Account Policies and then Password Policies.

I am just not sure, if I have an OU with let's say 10 users in it, will
Computer Configuration also include those users or do I have to add the PCs
that the users are using.

Maybe I am completely wrong with all this, any help would be much appreciated.

Cary Shultz [A.D. MVP]


Please do this in the Domain Security Policy ( Start | Programs |
Administrative Tools | Domain Security Policy ). The Password Policy is at
the domain level and you can have one and only one password policy that will
affect all user account objects in the domain.




Hey Gary

Thanks for the feedback.

If I go to Start | Programs |
Administrative Tools, there is no Domain Security Policy. Could it be that
it is called something else or that I have to install something?


Cary Shultz [A.D. MVP]


Are you doing this on a Domain Controller or on a member server /
workstation? If you are doing it on a member server / workstation then you
need the ADMINPAK installed on that specific member server / workstation.




Ah, was doing it from a member server. Found it, will have to figure out how
to use it. Looks nothing like Group Policy.

Mark Renoden [MSFT]

Hi Mitton

I'd also recommend a stronger policy. 6 characters is trivial to crack
these days. My preference is 10 characters. If users start complaining
that this is too hard to remember, introduce the concept of a pass phrase.
"This is a strong password1!" is an example. All they need to do is think
of their favourite song lyric and throw in a non-alpha character and they'll
be as safe as houses.

Take a look at:

Kind regards
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.


It's just a sub-set of group policy. That is, the group policy snap-in
contains this extension underneath the windows settings section.

Have a play with it - there's nothing to it ;-)


Paul Williams
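
Added example, not part of any post in this thread: a small Python check that reads a security policy export and reports where it is weaker than the values asked for above (6 characters, 45 days, 6 remembered passwords), with the 10-character suggestion available as a parameter. It assumes the INF layout written by `secedit /export /cfg`; the function name and the sample export are constructed for illustration.

```python
import configparser

# Constructed sample in the INF layout that `secedit /export /cfg` writes.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""


def audit_password_policy(inf_text, min_length=6, max_age_days=45, history=6):
    """Return {setting: problem} for values weaker than the targets.

    Defaults are the values asked for in the thread (6 characters, 45 days,
    6 remembered passwords); pass min_length=10 for the stronger suggestion.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep INF key names exactly as written
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return {"System Access": "section missing from export"}
    section = parser["System Access"]
    findings = {}

    def check(key, is_ok, want):
        raw = section.get(key, fallback="").strip()
        try:
            value = int(raw)
        except ValueError:
            findings[key] = f"not set or not numeric ({raw!r}), want {want}"
            return
        if not is_ok(value):
            findings[key] = f"is {value}, want {want}"

    check("MinimumPasswordLength", lambda v: v >= min_length, f">= {min_length}")
    # Assumption: a non-positive maximum age means passwords never expire.
    check("MaximumPasswordAge", lambda v: 0 < v <= max_age_days,
          f"1..{max_age_days} days")
    check("PasswordHistorySize", lambda v: v >= history, f">= {history}")
    return findings


if __name__ == "__main__":
    for setting, problem in audit_password_policy(SAMPLE_INF).items():
        print(f"{setting} {problem}")
```

A real export is typically UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to the function.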

