Windows Server 2008 R2 Thread, Setting up GP Passwords. in Technical; (2008r2 server)
Hi, One of my small primary schools has no password system in place so the staff log on ...
13th November 2012, 02:06 PM #1
Setting up GP Passwords.
Hi, One of my small primary schools has no password system in place so the staff log on to a machine with very week passwords. I have been over potential issues and they do not want this changed.
Recently they have asked me to set up web based vpn. I have managed to get them to agree that if someone wants vpn access they will have to have a more secure password.
So what I would like to do is have an OU with strict password policy so I can pop a user in this OU and they will be asked to change their password. I have done some reading and not 100% sure if this is possible without effecting other users on the network.
Can someone advice me please
13th November 2012, 04:37 PM #2
If you are on a 2008 or above domain functional level this is possible.
AD DS: Fine-Grained Password Policies
search for fine grain password policy.
I set this up to allow the younger students to have weak passwords and keep staff on strong passwords.
I don't recall all the details but here is the gist.
use ADSI edit to create the policy in the domain
edit the properties to meed your needs (length complexity etc)
assign the applies to property to the group you want it to apply too.
I recommend creating a security group call passwordpolicy xyz and then you don't have to change the policy every time someone needs added, just put them in that group.
Hope that helps.
Thanks to ADMaster from:
edutech4schools (14th November 2012)
28th November 2012, 09:59 AM #3
Thanks for the info. I have just set up a test password police which does work but displays incorrect info in the message box, for example I set min password length to 8 but in the password reset box that is displayed to the user it says the password must be more than 0 in length.
28th November 2012, 12:21 PM #4
After a bit more testing it appears that the password reset box info shown to a user is the default domain password info and not the fine grained password info applied to the user, although the user still has to enter the fine grained password requirements in order to reset the password. So the fine grained password is being applied to the user.
How do I get the correct reset requirements info to be displayed?
By tosca925 in forum General Chat
Last Post: 21st November 2011, 04:39 PM
By bart21 in forum Windows
Last Post: 23rd November 2010, 10:34 AM
By tosca925 in forum Windows
Last Post: 13th June 2007, 08:28 PM
By tosca925 in forum How do you do....it?
Last Post: 24th January 2006, 11:38 AM
Last Post: 9th November 2005, 01:54 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)