No announcement yet.

Password Policy

  • Filter
  • Time
  • Show
Clear All
new posts

  • Password Policy

    In a 2003 Domain, is it possible to enforce a password policy at an OU level

  • #2
    Re: Password Policy

    Only if it is applied to the whole Domain. Maybe I just should have typed no.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2


    • #3
      Re: Password Policy

      Windows 2003 domain can have only one password policy which will be propagated from the root level. You can't have OU level password policy nor you can exempt it from any OU.

      This feature is available in windows 2008 server. Fine grained password policy.


      • #4
        Re: Password Policy

        You could filter the application of the GPO so it does not apply to all, but this is getting fiddly

        A clarification -- the FGP applies to users or groups, not to an OU, and it requires use of adsiedit (not for the faint-hearted) to create the policy

        All in all a good idea flawed by poor implementation -- why not use GPOs below the domain level?

        EDIT -- there appears to be a tool to manage them
        Looks worth investigating further
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **