+ Post New Thread
Results 1 to 9 of 9
Windows Thread, Staff Password Remember in Technical; Hi, We have forced for September staff to change their network password, which the force is working fine. However it ...
  1. #1

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20

    Staff Password Remember

    Hi,
    We have forced for September staff to change their network password, which the force is working fine.

    However it allows them to keep the same password.

    I have set in the staff only group policy to remember 2 passwords. The problem been its under computer configuration and doing it on a user account - isn't this bad practice? Does it work ok? As it doesn't seem to work for us.

    THanks

  2. #2
    TheLibrarian
    Guest
    Some password settings are set on the Default Domain policy and only there.

    This effectively means you can only have differing password policies on different domains IIRC.

    This may not be true for later versions of Windows Server later than W2K, however I haven't looked this up.

  3. #3

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    The settings are in computer configuration in all OU's but doesn't seem to work after a gpupdate /force

  4. #4

    Join Date
    Mar 2007
    Posts
    1,791
    Thank Post
    82
    Thanked 296 Times in 227 Posts
    Rep Power
    87
    they're there, but they wont take effect, only from the default domain policy i'm afriad. Only way round it is to setup a sub domain or upgrade to 2008

  5. #5
    TheLibrarian
    Guest
    Excerpt from :Enforcing Strong Password Usage Throughout Your Organization

    There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, as is the local account database on stand alone computers. Computers that are members of a domain also have a local account database, but most organizations that have deployed Active Directory domains require their users to log on to their computers and the network by using domain-based accounts. Consequently if you specify a minimum password length of 14 characters for a domain, all users in the domain must use passwords of 14 or more characters when they create new passwords. To establish different requirements for a specific set of users, you must create a new domain for their accounts.

    In essence, one password policy per domain as far as I understand it.

  6. #6

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    11,201
    Thank Post
    1,808
    Thanked 2,219 Times in 1,637 Posts
    Rep Power
    802
    As TheLibrarian says, one password policy for one Server 2003 domain. You cannot have OU level password policies in Server 2003.

    I believe this changes in Server 2008 and OU level password policies are possible - but as I haven't got that far yet... * waits for someone else to confirm or deny *

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    That's correct. Windows 2000/2003 Server is one password policy per domain. I believe there are some third party tools which add this function, but 2008 Server does allow password policies per OU anyway, so you may as well upgrade to 2008 Server.

    As a recommendation, the number of remembered passwords should be at least 10 for it to be of any great use. You can also configure a policy (forget its name top of my head), where users can be reminded x amount of days to change it before the deadline. It's linked with how many days passwords are valid for.

  8. #8

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    2008 Server does allow password policies per OU anyway
    Not quite.. unlesss I've missed some enhancement, you apply them to users and|or groups. They're a bit of a pain (MS have you make them with ADSIEdit etc.), but there are a few 3rd party freebie GUIs to get around that.

  9. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    Not quite.. unlesss I've missed some enhancement, you apply them to users and|or groups.
    Sorry I did use the wrong terminology, it's just generally speaking you do have a GPO per OU.

SHARE:
+ Post New Thread

Similar Threads

  1. Released: Password Reset tool for staff
    By powdarrmonkey in forum Windows
    Replies: 31
    Last Post: 14th July 2010, 12:27 PM
  2. Staff Change Joomla Password
    By karldenton in forum Web Development
    Replies: 2
    Last Post: 17th July 2009, 12:53 PM
  3. Replies: 42
    Last Post: 10th April 2007, 09:18 AM
  4. Use of domain password (& staff AUP, etc.) ;)
    By mark in forum School ICT Policies
    Replies: 22
    Last Post: 29th June 2005, 02:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •