How to deploy password policy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I need to set up a password policy in my company and have never done this in
AD. All I need to do is say everyone needs a password of 6 caracters or more
and it expires every 45 days and can not use same password more that once in
6 chances.

I know it is in Group Policies that this must be done and in Comp Conf, Win
Settings, Security Settings, Account Policies and then Password Policies.

I am just not sure, if I have a OU with lets say 10 Users in it, will
Computer Configuration also include those users or do I have to add the pc's
that the users are using.

Maybe I am completely wrong with all this, any help would be much Appreciated.
 
Mitton!

Please do this in the Domain Security Policy ( Start | Programs |
Administrative Tools | Domain Security Policy ). The Password Policy is at
the domain level and you can have one and only one password policy that will
affect all user account objects in the domain.

HTH,

Cary
 
Hey Gary

Thanks for the feedback.

If I go to Start | Programs |
Administrative Tools, there is no Domain Security Policy. Could it be that
it is called something else or that I have to install something?

Thanks
 
Cary,

Are you doing this on a Domain Controller or on a member server /
workstation? If you are doing it on a member server / workstation then you
need the ADMINPAK installed on that specific member server / workstation.

HTH,

Cary
 
Ah, was doing it from a member server. Found it, will have to figure out how
to use it. Looks nothing like Group Policy.
 
Hi Mitton

I'd also recommend a stronger policy. 6 characters is trivial to crack
these days. My preference is 10 characters. If users start complaining
that this is too hard to remember, introduce the concept of a pass phrase.
"This is a strong password1!" is an example. All they need to do is think
of their favourite song lyric and throw in a non-alpha character and they'll
be as safe as houses.

Take a look at:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
It's just a sub-set of group policy. That is, the group policy snap-in
contains this extension underneath the windows settings section.

Have a play with it - there's nothing to it ;-)


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Ah, was doing it from a member server. Found it, will have to figure out how
to use it. Looks nothing like Group Policy.
 
Back
Top