Active Directory/Group Policy: Enforcing a Password Policy
-
OK, I can't work this out. What we'd like to do is to set the password policy for the domain user accounts only, not affecting any local accounts created on the workstations which are members of the domain. Ideally, we'd like to set different policies for different subsets of users, but I don't think that's possible. We often have to test hand-held systems connecting through RAS to an FTP server, for example, and don't want to have to fit the password scheme for these systems (where it's often pretty hard to type extended characters, for example!) into the domain password policy. Anyone know if what I'm after is possible, and if so, how do I get it to work? I already know that I can edit the Default Domain Policy to apply password policy. So far I've tried adding a new GPO ('Password Restrictions') to the Domain Controllers OU. Resultant Set Of Policy (Planning) on the domain controller shows the correct settings, but Resultant Set of Policy (Logging) does not. Running
gpupdatehas no effect, even with the/forceswitch. The domain controller runs Windows Server 2003 and the domain is at Windows 2000 Native functional level. Stability. What an interesting concept. -- Chris Maunder -
OK, I can't work this out. What we'd like to do is to set the password policy for the domain user accounts only, not affecting any local accounts created on the workstations which are members of the domain. Ideally, we'd like to set different policies for different subsets of users, but I don't think that's possible. We often have to test hand-held systems connecting through RAS to an FTP server, for example, and don't want to have to fit the password scheme for these systems (where it's often pretty hard to type extended characters, for example!) into the domain password policy. Anyone know if what I'm after is possible, and if so, how do I get it to work? I already know that I can edit the Default Domain Policy to apply password policy. So far I've tried adding a new GPO ('Password Restrictions') to the Domain Controllers OU. Resultant Set Of Policy (Planning) on the domain controller shows the correct settings, but Resultant Set of Policy (Logging) does not. Running
gpupdatehas no effect, even with the/forceswitch. The domain controller runs Windows Server 2003 and the domain is at Windows 2000 Native functional level. Stability. What an interesting concept. -- Chris MaunderIf anyone finds this post, I can now add that it doesn't appear to be possible to do what I wanted to do. Useful resources: Enforcing Strong Password Policies[^] Active Directory Step-by-Step Guides[^] Stability. What an interesting concept. -- Chris Maunder