Announcement

Collapse
No announcement yet.

Enable strong password policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Enable strong password policy

    hi,

    we need to implement a strong password GPO in our company.

    our AD forest is implemented as follows:

    we have a parent domain and two child domains. on one of the child domains, this GPO needs to be enabled.

    is it better to edit the default domain policy or create a new one-say:

    domain password policy

    and edit the settings in there?

    also we need to exclude several OUs from this. which is the best way to accomplish this? use no override?

  • #2
    Re: Enable strong password policy

    For best practices I would leave the defaul tdomain policy alone. (not saying you cant create it there) When you create yoru policies create a new one and name is something friendly. (better management that way) if for some reason you perform a CLM on that default domain policy you cannot get it back at least the others ya can. Just my 2 cents worth
    You may also want to consider pushing it out from the "parent domain" you can also use GPO filtering to decide which domains get it or not in that case you can filter what user group(s) get that policy (or any policy for that atter)

    P.s CLM = Career Limiting Move
    Last edited by PLANZ; 27th December 2007, 04:57.

    Comment


    • #3
      Re: Enable strong password policy

      Originally posted by PLANZ View Post
      For best practices I would leave the defaul tdomain policy alone. (not saying you cant create it there) When you create yoru policies create a new one and name is something friendly. (better management that way) if for some reason you perform a CLM on that default domain policy you cannot get it back at least the others ya can. Just my 2 cents worth
      You may also want to consider pushing it out from the "parent domain" you can also use GPO filtering to decide which domains get it or not in that case you can filter what user group(s) get that policy (or any policy for that atter)
      P.s CLM = Career Limiting Move
      Policies do not inherent over domains.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Enable strong password policy

        Hey.........

        Remember password policies can only be set at domain level not at OU level.

        Ya........ I know that you can set the password policy at OU level also but that will not get applied to the domain users in that OU. It will effect the local users of the computers that are in that OU.

        Yes, In Windows 2008 we have the option to have different settings for different OUs.

        So do not try any option related to password policy at OU level....

        Regards,
        Kapil Sharma
        ~~~~~~~~~~~~~
        Life is too short, Enjoy It.

        Comment


        • #5
          Re: Enable strong password policy

          Thanks Kapil.........

          It helped me. I was looking for the same for last long time.

          Thanks,
          Vis

          Comment

          Working...
          X