LinkBack URL
About LinkBacksAnyone know of problems with changing one of the Domain policy GPOs to make passwords expire/have complexity rules etc with CC3?
Not sure it's relevant but it's 2000 server I have.
Anyone know of problems with changing one of the Domain policy GPOs to make passwords expire/have complexity rules etc with CC3?
Not sure it's relevant but it's 2000 server I have.
On a normal setup policies like complexity are per domain and I would think they would be the same under CC3.
Yep
I'm reasonably confident it won't screw anything up but with CC3 I'm always wary of making changes. Most of the problems seem to arise when you make a change and then apply an update.
Whilst I'm thinking about is there a setting to make sure the password isn't too similar to the old one?
As Chris says, it should be fine.
You can set a password history in Windows so that it doesn't allow the user to use the same password again for x number of changes, but not sure about similar passwords.
Just take common sense precautions such as ensuring any service accounts are set to not expire, such as the RM server backup password.
I know RM are flogging their password plus software which enables multiple password policies, but I didn't opt for that due to their other add-ons seeming particularly unreliable/buggy (LST, Auditor etc).
We use Specops Password Policy here which work well and integrates nicely into MMC for administration.
We haven't set this policy, but RM does support this capability - users are prompted to change the password immediately after logging in if it has expired, and this uses their own dialog (part of their GINA replacement I think).
CC3 is mostly just a pre-configured Windows domain and you can set account policy the very same way you do in normal Windows e.g. in the Default Domain Policy.
Off-hand the only policy thing I think you should avoid is GPMC, coz RM have AD and Sysvol permission mismatches that you definitely shouldn't let GPMC correct.
CC3 also contains some schema extensions ... I don't think these are in the public domain either so using GPMC can cause problems. As with Classlink, Ranger and CSE you should use the tools provided ...
LNM does *not* make changes to the schema ... but there are still a number of things that need adding in my experience.
Ok I'm probably going to give this a go sometime next week.
Just to confirm what someone said earlier if you do check the "user must change password at next login" it does indeed work.
The only problems you get then are users not understanding the prompt but I'll leave that for a FFS thread.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote