+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Wireless Networks Thread, Passwords in Technical; Hello All Is it possible to use two password policies one domain eg staff with complex passwords and students with ...
  1. #1

    Join Date
    Aug 2005
    Location
    London
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Passwords

    Hello All

    Is it possible to use two password policies one domain eg staff with complex passwords and students with no passwords?

    Many thanks for your help and advice.

    Alex

  2. #2

    beeswax's Avatar
    Join Date
    Jul 2005
    Location
    England
    Posts
    2,285
    Thank Post
    285
    Thanked 225 Times in 153 Posts
    Rep Power
    131

    Re: Passwords

    we start our year 7 pupils off with the same password, 1 to 5, and then force them to change it at first logon. I worked in a place where staff were given the chance to change pupils passwords, and one teacher changed them all to "dog", which is the same as having no password at all. As you can imagine, folders started to disappear from pupil areas, work was copied and presented as their own work etc. but then again, I work in a secondary school.
    beeswax

  3. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Passwords

    Thanks Beeswax

    I should have mentioned that I am talking about a Primary school here. Sorry for the confusion.

    Alex

  4. #4
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,383
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: Passwords

    Quote Originally Posted by ictex
    Hello All

    Is it possible to use two password policies one domain eg staff with complex passwords and students with no passwords?

    Many thanks for your help and advice.

    Alex
    No. To have different password policies for different users you need to put them in seperate domains. This is what we have done.

  5. #5
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42

    Re: Passwords

    No. To have different password policies for different users you need to put them in seperate domains. This is what we have done.
    Cant you setup 2 different group policies with 2 different password policies(on the same domain that is)?

  6. #6
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108

    Re: Passwords

    No Norphy is correct the password policy is for the whole domain only.

  7. #7
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75

    Re: Passwords

    I'd say that you could set different account policies in a GPO attached to an OU. The only policy that has to come from the default domain policy is the Kerberos Policy.

  8. #8
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,383
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: Passwords

    No. Account policies are per domain. See MS article here. Believe me, if they weren't I wouldn't have gone to the trouble of setting up such an elaborate system.

  9. #9
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75

    Re: Passwords

    You could be right there - although the wording from MS does not make it clear.

    I'm wondering now what else is Default Domain Policy Only?

  10. #10
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,383
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: Passwords

    Quote Originally Posted by Microsoft
    When you configure account policies (such as password policy and account lockout policy) in Active Directory, Microsoft Windows 2000 permits only one domain account policy per domain.
    Seems fairly unambiguous to me. I'm pretty sure that its just account policies that are set per domain. Everything else can be set on the OU level

  11. #11
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42

    Re: Passwords

    Ah yes.. duh oh yes now i remember.. Password Policies are set at domain level. Looks like me grey matter is starting to go :?

  12. #12
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    360
    Thanked 256 Times in 187 Posts
    Rep Power
    75

    Re: Passwords

    For 2000 - clear as day but 2003 manual not so clear :P But 'Inside AD 2nd edition by Sakari Kouti - Mika Seitsonen' puts it in plain english

  13. #13

    Join Date
    Aug 2005
    Location
    London
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Passwords

    Many thanks to all for your help :-)

  14. #14

    Join Date
    Feb 2006
    Location
    South Gloucestershire
    Posts
    23
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Passwords

    Policies are per domain if you stick to the pure microsoft aproach. You can however install a custom GINA which will intercept password changes and allow you to apply your own policy based on whatever criteria you see fit.

    It is mildly frightening, but there are even open source projects. Google for custom gina and check out sourceforge for the open source stuff. It is also used as a method of synchronising password changes with non MS systems by notifying them of password events.

    One of the big projects is called pGINA which seems stable and reputable, but beware, there are trojan GINAs out there which will just capture passwords (fun to play with though)

  15. #15

    Join Date
    Feb 2006
    Location
    South Gloucestershire
    Posts
    23
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Passwords

    Some idle googling trying to find the site I remembered revealed this site

    http://www.rohos.com/welcome-screen/usbflash.htm

    Which seems a very interesting idea - I shall probably play with it later but it might be worth you taking a look - if the user does not have to remember a password it can be as complex as you want with no worries

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. CC3 Expiring passwords
    By CheeseDog in forum Wireless Networks
    Replies: 7
    Last Post: 26th November 2006, 08:33 PM
  2. Passwords
    By indie in forum Wireless Networks
    Replies: 15
    Last Post: 25th January 2006, 10:04 AM
  3. making passwords help
    By browolf in forum Scripts
    Replies: 7
    Last Post: 26th August 2005, 09:49 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •