Did it work? Mvh Svein Arild -----Opprinnelig melding----- Fra: Matt Fowler [mailto:mfowler@xxxxxxxxxxxxxxxxx] Sendt: 8. juli 2004 20:57 Til: windows2000@xxxxxxxxxxxxx Emne: [windows2000] Re: SV: Re: 2003 Active Directory, Blank Passwords Good idea, thanks. At 08:52 PM 7/8/04 +0200, you wrote: >Password policyes are a computer setting, not a user setting. So you cant >apply this to a user, or a group containing users, or a OU containing >users. (you can, but it wont work). > >The domain ONLY reads password policyes from the domain root level. So you >HAVE to place the policy here, or use the "Default domain policy". It is >the domain controllers who reads this policy and checks it. So you can >filter all you want on a user level, but for no good. > >You can however set this policy for different computers, but that will >only affect local accounts. If you apply a password policy to the "domain >controller objects" it will have NO function, since all logons to them are >checked in the directory, not localy. > >The only workaround I can think of working, is to disable the policy >domainwide (temporarily) reset the password for these users to blank, set >the password to never expire, and turn the policy back on. Havent tried >it, but i would imagine it works, since a password compexity is only >checked during password change, not logon. > >Mvh >Svein Arild > > > >-----Opprinnelig melding----- >Fra: James Lilly [mailto:LillyJ@xxxxxxxxxxx] >Sendt: 8. juli 2004 17:01 >Til: windows2000@xxxxxxxxxxxxx; mfowler@xxxxxxxxxxxxxxxxx >Emne: [windows2000] Re: 2003 Active Directory, Blank Passwords > > >First of all, make sure you have the Group Policy Management Console >installed, that makes your life much easier, especially when dealing >with things like this. > >Then, in the GPMC, select the policy that restricts passwords, and make >sure that the Authenticated Users group is listed in the security >filtering box. Go to the Delegation tab, click on Advanced, add the >Group of users you want to allow blank passwords for, and check the Deny >box for Apply Group Policy. > >Then, on the Blank Password group policy, just add the Group of Users >you want to be able to use blank password to the Security Filtering box, >and remove Authenticated Users from that box. > >That should work unless something strange is different about the >security policy piece. Unfortunately, I'm in the process of rebuilding >my training classroom, so I can't test it out on that specific piece of >Group Policy. > >Make sure that: >1. Both policies either only include the password settings, or that >the other settings are identical, if you want them to be. > >2. Both policies are linked to the domain level. Password settings >are only supposed to work at the domain level, but I haven't actually >tried it in a lab environment to see if that is the case in real life, >as well. > >Let me know if it works or not; > >James > > >>> mfowler@xxxxxxxxxxxxxxxxx 7/8/2004 10:13:26 AM >>> >That much I think I understand, we have created a 2nd domain wide >policy >but are trying to apply it to only a select set of groups, not the >entire >domain. I'm beginning to think that this is impossible to do. > >Any additional thoughts? > >At 09:09 AM 7/8/04 -0500, you wrote: > >I thought that this type of Account policy was a Domain wide thing and >not a > >specific OU and that wanting different account policies was one of >the > >reasons one would set up child domains. > > > >Douglas Jensen > >Douglas.Jensen@xxxxxxxxxxxxx > >Voice (952) 402-9821 > >Fax (952) 402-9815 > >Network Administrator > >Scott Carver Dakota CAP Agency, Inc. > >712 Canterbury Road > >Shakopee, MN 55379 > >www.capagency.org > > > > > >-----Original Message----- > >From: Matt Fowler [mailto:mfowler@xxxxxxxxxxxxxxxxx] > >Sent: Thursday, July 08, 2004 9:06 AM > >To: windows2000@xxxxxxxxxxxxx > >Subject: [windows2000] 2003 Active Directory, Blank Passwords > > > > > >Trying to setup Group Policies to allow a certain group of users the > >ability to have blank passwords. However, the only way I can get >blank > >passwords to be allowed is to apply the GPO to the "authenticated >users" > >group. I don't want everyone to have blank passwords, just the users >of a > >specific group that are in a specific OU. > > > >What is the correct method for doing this? Should I be linking the GPO >to > >the OU or should I be using security permissions at the domain level? > > > >Thanks for any help, > > > >Matt Fowler > >LAN Specialist > >(847)925-6113 > >mfowler@xxxxxxxxxxxxxxx > >******************************************************** > >This Weeks Sponsor StressedPuppy.com Games > >Feeling stressed out? Check out our games to > >relieve your stress. > >http://www.StressedPuppy.com > >******************************************************** > >To Unsubscribe, set digest or vacation > >mode or view archives use the below link. > > > >http://thethin.net/win2000list.cfm > >******************************************************** > >This Weeks Sponsor StressedPuppy.com Games > >Feeling stressed out? Check out our games to > >relieve your stress. > >http://www.StressedPuppy.com > >******************************************************** > >To Unsubscribe, set digest or vacation > >mode or view archives use the below link. > > > >http://thethin.net/win2000list.cfm > >Matt Fowler >LAN Specialist >(847)925-6113 >mfowler@xxxxxxxxxxxxxxx >******************************************************** >This Weeks Sponsor StressedPuppy.com Games >Feeling stressed out? Check out our games to >relieve your stress. >http://www.StressedPuppy.com >******************************************************** >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm > > >******************************************************** >This Weeks Sponsor StressedPuppy.com Games >Feeling stressed out? Check out our games to >relieve your stress. >http://www.StressedPuppy.com >******************************************************** >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm >******************************************************** >This Weeks Sponsor StressedPuppy.com Games >Feeling stressed out? Check out our games to >relieve your stress. >http://www.StressedPuppy.com >******************************************************** >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm Matt Fowler LAN Specialist (847)925-6113 mfowler@xxxxxxxxxxxxxxx ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm