Go Back   nV News Forums > Software Forums > Networking And Security

Newegg Daily Deals

Reply
 
Thread Tools
Old 08-29-07, 02:30 PM   #1
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Stumper: Password policy on W2k3 Domain

Is there a way to set password policy in on a W2k3 domain so that you can have a different policy for your different OU's? Right now, with the new state security restrictions, we have to set a password policy globally that requires complex passwords, 90 day expirations, and a 15min screen lock. For computer labs and Smart Classrooms, this is obviously a problem. We've searched high and low for a solution, but there seems to be no way to set the policy per OU. We could have a subdomain for the labs and class rooms, but we need them to be able to access the resources of the main domain. Ideally, we need the 15 min lockout and complexity requirements on most OU's with a much less restrictive policy on the labs and classrooms.

Pre July 1st, we had a generic login for the labs with an easy password. We're working around this problem at this time. The classroom machines are joined to the domain, but also have a local login (which now needs to meet the global policy, as well) for them. We need to have domain access occasionally on these machines (it takes forever to build the profiles), but mainly we need a quick username and password for quick login to the machines... The OU specific policy could really help us out.

Any ideas? Evilghost/evilchris... I'm looking at you two.


Edit: Is this more of a Windows problem or Networking? I forgot we had that nifty forum.
Q is offline   Reply With Quote
Old 08-29-07, 08:03 PM   #2
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: Stumper: Password policy on W2k3 Domain

I've been doing some research, and it looks like its just a lame limit of W2k3. There are some programs, such as this here...

https://www.anixis.com/store/buy.asp...x=40&Next.y=14

But its $2,000 for 1000 users. I don't think we have the budget for that. Some people claim to have limited success by writing their own password filters, but I need a 100% solution. I guess we may just have to wait until Server 08 gets released and stable...
Q is offline   Reply With Quote
Old 08-29-07, 08:27 PM   #3
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Stumper: Password policy on W2k3 Domain

I wish I could help, I was going to say a per-OU GPO but it looks like it isn't possible. Unless you create your own change-password wrapper with proper sanitization it looks like your stuck waiting for MS Bloatware 2008, featureless edition.
evilghost is offline   Reply With Quote
Old 08-29-07, 08:45 PM   #4
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: Stumper: Password policy on W2k3 Domain

Quote:
Originally Posted by evilghost
I wish I could help, I was going to say a per-OU GPO but it looks like it isn't possible. Unless you create your own change-password wrapper with proper sanitization it looks like your stuck waiting for MS Bloatware 2008, featureless edition.
You know what.... they'll probably advertise this as a HUGE feature. Something that you should have been able to do in W2k server, but had to wait 10 GD years, 2 versions, and several thousand dollars for.

And where is King Microsoft, radekhulan? He is supposed to help me with this superior product!
Q is offline   Reply With Quote
Old 08-30-07, 09:19 AM   #5
DiscipleDOC
 
DiscipleDOC's Avatar
 
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Default Re: Stumper: Password policy on W2k3 Domain

Why not define different policies for different ou's?
DiscipleDOC is offline   Reply With Quote
Old 08-30-07, 10:06 AM   #6
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: Stumper: Password policy on W2k3 Domain

Quote:
Originally Posted by DiscipleDOC
Why not define different policies for different ou's?
W2k3 won't let you assign password policy by OU... at least not easily.
Q is offline   Reply With Quote
Old 08-30-07, 11:27 AM   #7
evilchris
 
evilchris's Avatar
 
Join Date: Nov 2003
Location: San Diego, CA
Posts: 4,411
Default Re: Stumper: Password policy on W2k3 Domain

it's Domain level, sorry. Make 40 domains instead, lol
__________________
[CENTER][SIGPIC][/SIGPIC]
[/CENTER][B][CENTER]--Communist Party of America--[/CENTER][/B]
evilchris is offline   Reply With Quote
Old 08-30-07, 01:13 PM   #8
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: Stumper: Password policy on W2k3 Domain

Quote:
Originally Posted by evilchris
it's Domain level, sorry. Make 40 domains instead, lol
Yeah, that's what I thought. We might make another two subdomains, then just have a script that maps the main domain resources. Of course, mapping domain resources via scripting is hit or miss at times.
Q is offline   Reply With Quote

Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 01:50 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.