[gptalk] Re: Password Policy

  • From: "Dave Palombi" <dave.palombi@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 17 Apr 2008 17:33:35 -0400

That is great thanks.

Dave

On Thu, Apr 17, 2008 at 5:25 PM, Cruz, Jerome L <jerome.l.cruz@xxxxxxxxxx>
wrote:

>  From a Domain perspective, password policy settings essentially apply the
> new settings when the passwords are "changed". For example, say you have a
> "Maximum password age" set to 90 days (3 months). You then enable the
> "Password must meet complexity requirements" setting. At that point all
> users "changing" passwords will have to use complex password as the
> passwords are cycled for each user over the next 3 months. It'll take three
> months to apply. Also, your user account (usually service accounts) which
> may never expire will never be switched to using a complex password.
>
>
>
> We have over 150,000+ users and made a similar switch recently. No issues.
> All End User accounts are now switched and did so a bit at a time daily as
> they expired.
>
>
>
> Jerry
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Dave Palombi
> *Sent:* Thursday, April 17, 2008 1:26 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Password Policy
>
>
>
> What would happen if I changed the policy?  Would users be asked to change
> their passwords right away?
>
> Dave
>
> On Thu, Apr 17, 2008 at 3:18 PM, Dave Palombi <dave.palombi@xxxxxxxxx>
> wrote:
>
> Darren,
>
> Thanks for the info.  We are trying to migrate certain sections with
> different password policy's until everyone has been done then one big policy
> at the end.  How would I be able to achive this.
>
> Dave
>
>
>
> On Thu, Apr 17, 2008 at 3:14 PM, Darren Mar-Elia <darren@xxxxxxxxxx>
> wrote:
>
> Dave-
>
> Are you trying to apply password policy to a domain user or a local user
> account on a workstation or member server? Password policy, as you've
> noticed, does not apply to users. IT applies only to computers where the
> accounts reside. In the case of domain user accounts (i.e. held in AD), you
> can only set one password policy for a given domain and that must be in a
> GPO linked at the domain level. For local user accounts—those housed on
> member servers and workstations, you have to make sure that the GPO is
> linked to those containers where those computers reside, not the users.
>
>
>
> Darren
>
>
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Dave Palombi
> *Sent:* Thursday, April 17, 2008 12:08 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Password Policy
>
>
>
> Hello,
>
> I have a question about implementing a password policy.  I am trying to
> implement a password policy and it works but it is not being applied to the
> user.  All settings are with in the computer settings.  When I do a
> gpresult, the policy shows under not applied section and this it says
> filtering: not applied (empty)
>
> Your thoughts.
>
> Dave
>
>
>
>
>

Other related posts: