TechRepublic|Forums|Windows

Windows

General discussion

  • Creator
    Topic
  • June 23, 2006 at 5:50 am #2194362

    different password policies for users

    Locked

    by donalconlon · about 16 years, 9 months ago

    Hi I wish to setup two different password policies on our domain. One group of users will have a minimum number of characters of 10 and will have strong password enforced while another group will have a minimum number of characters of 4 and no strong passwords enforced. How do I do this. Our domain is a Windows 2003 one. Thanks

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • June 23, 2006 at 6:22 am #3269312

      Reply To: different password policies for users

      by allthegoodnamesweregone · about 16 years, 9 months ago

      In reply to different password policies for users

      create seperate OU’s for the two groups of accoutns, and create different GPO’s for each OU to match the policy you want.

    • June 23, 2006 at 6:40 am #3269307

      Reply To: different password policies for users

      by rapell · about 16 years, 9 months ago

      In reply to different password policies for users

      I agree with the above answer, If you require further instructions on how to do this, let us know.

      • June 23, 2006 at 6:42 am #3269305

        Reply To: different password policies for users

        by donalconlon · about 16 years, 9 months ago

        In reply to Reply To: different password policies for users

        This does not work it is still taking its password policy from the default policy If there is something else that needs to b e done please let me know. Thanks.

    • June 23, 2006 at 7:32 am #3269284

      Reply To: different password policies for users

      by paul.desjardins · about 16 years, 9 months ago

      In reply to different password policies for users

      First of all, keep in mind that group policies that are applied will apply themselves in the most restricted manner, unless you disable policy propogation from above. The easiest thing to do may be to leave the default domain policy as it was defaulted with very little set. You don’t necessarily have to put the users in different OUs because even if “10 character strong” users get the “4 character not strong” GPO, as long as the “10 character strong” policy is being applied to them, that’s what they will use because it’s the most restrictive. However, keeping in different containers with the GPOs separated may be easier to manage and keep track of.

      Now, this should be a simple thing, but I will go ahead and ask anyway. When you set the GPOs for each type of user, did you go into the security tab for the Group Policy and make sure the users show up in the security window and that the Apply Policy check box is checked. The best thing to do is add the users to a corresponding group, add that group to the security tab of the GPO and then make sure Apply Policy is checked. Otherwise, you will get the default domain policy. So you may want to create a group that’s called “Strong Security Group”, add all the “10 character strong” users to it, then put it in the corresponding GPO in the security tab and check the Apply Policy check box on that group name. Hopefully this helps. Sorry for the novel.

      • June 23, 2006 at 9:38 am #3269215

        Reply To: different password policies for users

        by donalconlon · about 16 years, 9 months ago

        In reply to Reply To: different password policies for users

        I have done the following. I have created a group called passwords and added the users to this group. I have created a new group plolicy object with the appropiate password policies and added this to an OU which contains the password group. I have added this group to the security tab of the group policy and ticked apply policy. I have ticked the no override option.
        It still does not work. Is there anything else Im missing out on?

    • June 23, 2006 at 12:17 pm #3270500

      Reply To: different password policies for users

      by paul.desjardins · about 16 years, 9 months ago

      In reply to different password policies for users

      Another question that’s just in case, but you probably already have done. Are the users and the group both in the OU that has the GPO?

      If the users are in there too, then it sounds as if you have everything you need. Does the group also have read security permissions to the group policy?

    • June 24, 2006 at 12:16 pm #3143082

      Reply To: different password policies for users

      by p.j.hutchison · about 16 years, 9 months ago

      In reply to different password policies for users

      unfortunately you will have to create new sub domains if you want different account or password policies. They cannot be applied to OUs like other policies.

    • June 24, 2006 at 5:28 pm #3143009

      Reply To: different password policies for users

      by garydw · about 16 years, 9 months ago

      In reply to different password policies for users

      Answer 5 is correct. It’s actually just how WRONG the other answers are.

      Password policies are part of the default DOMAIN policy and cannot be set at an OU level.

      Read this:

      http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx

    • June 26, 2006 at 6:07 am #3164020

      Reply To: different password policies for users

      by donalconlon · about 16 years, 9 months ago

      In reply to different password policies for users

      This question was closed by the author

  • Author
    Replies
Viewing 6 reply threads