nV News Forums

 
 

nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Networking And Security (http://www.nvnews.net/vbulletin/forumdisplay.php?f=58)
-   -   Stumper: Password policy on W2k3 Domain (http://www.nvnews.net/vbulletin/showthread.php?t=97512)

Q 08-29-07 02:30 PM

Stumper: Password policy on W2k3 Domain
 
Is there a way to set password policy in on a W2k3 domain so that you can have a different policy for your different OU's? Right now, with the new state security restrictions, we have to set a password policy globally that requires complex passwords, 90 day expirations, and a 15min screen lock. For computer labs and Smart Classrooms, this is obviously a problem. We've searched high and low for a solution, but there seems to be no way to set the policy per OU. We could have a subdomain for the labs and class rooms, but we need them to be able to access the resources of the main domain. Ideally, we need the 15 min lockout and complexity requirements on most OU's with a much less restrictive policy on the labs and classrooms.

Pre July 1st, we had a generic login for the labs with an easy password. We're working around this problem at this time. The classroom machines are joined to the domain, but also have a local login (which now needs to meet the global policy, as well) for them. We need to have domain access occasionally on these machines (it takes forever to build the profiles), but mainly we need a quick username and password for quick login to the machines... The OU specific policy could really help us out.

Any ideas? Evilghost/evilchris... I'm looking at you two. :D


Edit: Is this more of a Windows problem or Networking? I forgot we had that nifty forum. ;)

Q 08-29-07 08:03 PM

Re: Stumper: Password policy on W2k3 Domain
 
I've been doing some research, and it looks like its just a lame limit of W2k3. There are some programs, such as this here...

https://www.anixis.com/store/buy.asp...x=40&Next.y=14

But its $2,000 for 1000 users. I don't think we have the budget for that. Some people claim to have limited success by writing their own password filters, but I need a 100% solution. I guess we may just have to wait until Server 08 gets released and stable...

evilghost 08-29-07 08:27 PM

Re: Stumper: Password policy on W2k3 Domain
 
I wish I could help, I was going to say a per-OU GPO but it looks like it isn't possible. Unless you create your own change-password wrapper with proper sanitization it looks like your stuck waiting for MS Bloatware 2008, featureless edition.

Q 08-29-07 08:45 PM

Re: Stumper: Password policy on W2k3 Domain
 
Quote:

Originally Posted by evilghost
I wish I could help, I was going to say a per-OU GPO but it looks like it isn't possible. Unless you create your own change-password wrapper with proper sanitization it looks like your stuck waiting for MS Bloatware 2008, featureless edition.

You know what.... they'll probably advertise this as a HUGE feature. Something that you should have been able to do in W2k server, but had to wait 10 GD years, 2 versions, and several thousand dollars for.

And where is King Microsoft, radekhulan? He is supposed to help me with this superior product! ;)

DiscipleDOC 08-30-07 09:19 AM

Re: Stumper: Password policy on W2k3 Domain
 
Why not define different policies for different ou's?

Q 08-30-07 10:06 AM

Re: Stumper: Password policy on W2k3 Domain
 
Quote:

Originally Posted by DiscipleDOC
Why not define different policies for different ou's?

W2k3 won't let you assign password policy by OU... at least not easily.

evilchris 08-30-07 11:27 AM

Re: Stumper: Password policy on W2k3 Domain
 
it's Domain level, sorry. Make 40 domains instead, lol

Q 08-30-07 01:13 PM

Re: Stumper: Password policy on W2k3 Domain
 
Quote:

Originally Posted by evilchris
it's Domain level, sorry. Make 40 domains instead, lol

Yeah, that's what I thought. We might make another two subdomains, then just have a script that maps the main domain resources. Of course, mapping domain resources via scripting is hit or miss at times.


All times are GMT -5. The time now is 06:54 PM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.