+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Thread, password complexity help in Technical; We are trying to enforce password complexity into our domain but dont want to enforce it for pupils. Looking and ...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120

    password complexity help

    We are trying to enforce password complexity into our domain but dont want to enforce it for pupils. Looking and testing the settings on the servers, it looks like it can only be done at domain level not OU level. Is there a way we can configure this per OU? It can be done via password filtering but it means eidting the registry on each DC and i dont particually want do that. is there an easier way?

    Thanks in advance

    Tim

  2. #2

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,678
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: password complexity help

    Unfortunately - No

    Password Policies are set at the domain level and only take effect in the Default Domain Policy.

    Only solution would be seperate domains for pupils and staff..

  3. #3
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: password complexity help

    Quote Originally Posted by Gatt
    Unfortunately - No

    Password Policies are set at the domain level and only take effect in the Default Domain Policy.

    Only solution would be seperate domains for pupils and staff..
    Be careful how loud you say that... hang on... what's that noise ... oh no! ... here they come... IT'S THE YOU MUST USE A SINGLE DOMAIN gang..... :P

  4. #4
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,384
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: password complexity help

    My last place used multiple domains for precisely this reason. And about a month after I set that up, I found about this.

    I swore.

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: password complexity help

    Did you find out how much it costs?

  6. #6
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,384
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: password complexity help

    No but I suspect it's not cheap.

  7. #7
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: password complexity help

    That would be my guess as well. Unless of course they do academic pricing.

  8. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,726
    Thank Post
    667
    Thanked 1,638 Times in 1,463 Posts
    Rep Power
    424

    Re: password complexity help

    Well I'll found out when they get back to me.

    Ben

  9. #9

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,678
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: password complexity help

    Shame, cos their GPUpdate tools were great - espcially with them being free and all..

  10. #10
    Kyle's Avatar
    Join Date
    Jan 2006
    Posts
    974
    Thank Post
    91
    Thanked 14 Times in 13 Posts
    Rep Power
    21

    Re: password complexity help

    Easy Solution here.

    Set the Policy,
    Got to a OU with Pupils
    Select all of them, then right click properties,
    choose password never expires.

    This will stop the pupils passwords ever expiring. Do this for all pupils/users you don't want passwords expiring for.

    I have used this successfully before.

    You can still go in a change the password for them or use a script to force users from a certain OU choose a different password at next log on.

  11. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,054
    Thank Post
    888
    Thanked 1,729 Times in 1,492 Posts
    Blog Entries
    12
    Rep Power
    454

    Re: password complexity help

    Quote Originally Posted by Kyle
    Easy Solution here.

    Set the Policy,
    Got to a OU with Pupils
    Select all of them, then right click properties,
    choose password never expires.

    This will stop the pupils passwords ever expiring. Do this for all pupils/users you don't want passwords expiring for.

    I have used this successfully before.

    You can still go in a change the password for them or use a script to force users from a certain OU choose a different password at next log on.
    He doesn't want the users passwords not to expire he wants to set a policy on certain users on how complex there passwords are

  12. #12
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: password complexity help

    Quote Originally Posted by Kyle
    Easy Solution here.

    Set the Policy,
    Got to a OU with Pupils
    Select all of them, then right click properties,
    choose password never expires.

    This will stop the pupils passwords ever expiring. Do this for all pupils/users you don't want passwords expiring for.

    I have used this successfully before.

    You can still go in a change the password for them or use a script to force users from a certain OU choose a different password at next log on.
    This will work if you change the passwords manually via DSA.MSC, but if you configure the 'force password change' attribute, then the password policy will be applied.

  13. #13

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,726
    Thank Post
    667
    Thanked 1,638 Times in 1,463 Posts
    Rep Power
    424

    Re: password complexity help

    For 850 users in 1 AD domain the price is:

    £1461.25

    2nd and 3rd maintenance combined is £500

    Ben

  14. #14

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: password complexity help

    the price is:
    OUCH!

    I did a password filter a long time ago (as usual) which tested them against a memory mapped dictionary file and definitely wasn't hard.

    Multiple password policies is more complex because you need to need get hold of an OU or group membership from an account name in order to pick and test their proposed password against the right policy. That means talking to AD and in this context I'm currently not sure which of several userland approaches to that might work or be be safe, but it can't be that hard!

    Anyway at that price I'd probably hold fire on a solution now and start considering whether it might be an idea to just upgrade DCs to Server 2008 next summer.

    Well not me personally, I'm actually wondering whether to have a quick look at this and knock one out at a bargain basement price.

  15. #15
    mrcrazy04's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire/Cheltenham, UK
    Posts
    260
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    17

    Re: password complexity help

    If you got an open source GINA dll, then you could integrate it into that to do the lookups and apply the relevant policy - and then it isn't running in userland.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Password Protect USB Key
    By sqdge in forum Windows
    Replies: 2
    Last Post: 31st July 2007, 03:47 PM
  2. That is the right password!
    By Ric_ in forum *nix
    Replies: 9
    Last Post: 27th July 2007, 09:23 AM
  3. Lanview password
    By kevin in forum Network and Classroom Management
    Replies: 4
    Last Post: 17th May 2007, 02:14 PM
  4. Bios Password
    By jamieallonby in forum Hardware
    Replies: 16
    Last Post: 10th March 2006, 12:45 PM
  5. Password Security
    By mark in forum School ICT Policies
    Replies: 5
    Last Post: 14th October 2005, 03:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •