+ Post New Thread
Results 1 to 4 of 4
Windows Server 2008 R2 Thread, Setting up GP Passwords. in Technical; (2008r2 server) Hi, One of my small primary schools has no password system in place so the staff log on ...
  1. #1

    Join Date
    Apr 2010
    Posts
    2,104
    Thank Post
    95
    Thanked 189 Times in 156 Posts
    Rep Power
    84

    Setting up GP Passwords.

    (2008r2 server)

    Hi, One of my small primary schools has no password system in place so the staff log on to a machine with very week passwords. I have been over potential issues and they do not want this changed.

    Recently they have asked me to set up web based vpn. I have managed to get them to agree that if someone wants vpn access they will have to have a more secure password.

    So what I would like to do is have an OU with strict password policy so I can pop a user in this OU and they will be asked to change their password. I have done some reading and not 100% sure if this is possible without effecting other users on the network.

    Can someone advice me please

  2. #2
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    348
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    24
    If you are on a 2008 or above domain functional level this is possible.
    AD DS: Fine-Grained Password Policies

    search for fine grain password policy.

    I set this up to allow the younger students to have weak passwords and keep staff on strong passwords.

    I don't recall all the details but here is the gist.

    use ADSI edit to create the policy in the domain
    edit the properties to meed your needs (length complexity etc)
    assign the applies to property to the group you want it to apply too.

    I recommend creating a security group call passwordpolicy xyz and then you don't have to change the policy every time someone needs added, just put them in that group.

    Hope that helps.

  3. Thanks to ADMaster from:

    edutech4schools (14th November 2012)

  4. #3

    Join Date
    Apr 2010
    Posts
    2,104
    Thank Post
    95
    Thanked 189 Times in 156 Posts
    Rep Power
    84
    Thanks for the info. I have just set up a test password police which does work but displays incorrect info in the message box, for example I set min password length to 8 but in the password reset box that is displayed to the user it says the password must be more than 0 in length.

    any idea?

  5. #4

    Join Date
    Apr 2010
    Posts
    2,104
    Thank Post
    95
    Thanked 189 Times in 156 Posts
    Rep Power
    84
    After a bit more testing it appears that the password reset box info shown to a user is the default domain password info and not the fine grained password info applied to the user, although the user still has to enter the fine grained password requirements in order to reset the password. So the fine grained password is being applied to the user.

    How do I get the correct reset requirements info to be displayed?

SHARE:
+ Post New Thread

Similar Threads

  1. Setting up home wireless network with MAC and PC..?
    By tosca925 in forum General Chat
    Replies: 6
    Last Post: 21st November 2011, 04:39 PM
  2. Replies: 1
    Last Post: 23rd November 2010, 10:34 AM
  3. Setting up the Password Policy on domain.
    By tosca925 in forum Windows
    Replies: 5
    Last Post: 13th June 2007, 08:28 PM
  4. Setting up test scenario on Server 2003/Active Directory/GPO
    By tosca925 in forum How do you do....it?
    Replies: 20
    Last Post: 24th January 2006, 11:38 AM
  5. Setting up NAT using IPTABLES
    By ChrisH in forum *nix
    Replies: 23
    Last Post: 9th November 2005, 01:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •