Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Minimum password lenght GPO setting
Minimum password lenght GPO setting [message #162137] Thu, 15 October 2009 22:51 Go to next message
aconti  is currently offline aconti  United States
Messages: 113
Registered: August 2009
Senior Member
Hello,


if this setting is enabled for a particular pc what effect will this
policy have on users as I have enabled it but clients are all logging in
normally even if they have less than the required password letters or
does this setting have effect when applied to a DC and not a client pc

Thank you


--
aconti
------------------------------------------------------------ ------------
aconti's Profile: http://forums.techarena.in/members/73272.htm
View this thread: http://forums.techarena.in/active-directory/1259145.htm

http://forums.techarena.in
Re: Minimum password lenght GPO setting [message #162138 is a reply to message #162137] Thu, 15 October 2009 23:43 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"aconti" <aconti.404vva@DoNotSpam.com> wrote in message
news:aconti.404vva@DoNotSpam.com...
>
> Hello,
>
>
> if this setting is enabled for a particular pc what effect will this
> policy have on users as I have enabled it but clients are all logging in
> normally even if they have less than the required password letters or
> does this setting have effect when applied to a DC and not a client pc
>
> Thank you
>
>
> --
> aconti

Where did you enable this setting? At the domain level, or at the OU level?

FYI, with Windows 2003 and older, or Windows 2003/2008 scenario not yet at
2008 functional level, passwords and related settings can only be set at the
domain level for it to work. 2008 allows provisions to set it at the OU
level if in 2008 functional level.

Ace
Re: Minimum password lenght GPO setting [message #162141 is a reply to message #162137] Fri, 16 October 2009 03:18 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello aconti,

Without at least 2008 functional levels (2008 and higher OS) you are only
able to set a password policy on domain level in Active directory. So configured
password settings on OU will only effect the local computer if they are NOT
connected to the domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
>
> if this setting is enabled for a particular pc what effect will this
> policy have on users as I have enabled it but clients are all logging
> in normally even if they have less than the required password letters
> or does this setting have effect when applied to a DC and not a client
> pc
>
> Thank you
>
> http://forums.techarena.in
>
Re: Minimum password lenght GPO setting [message #288518 is a reply to message #162141] Sat, 17 October 2009 23:02 Go to previous messageGo to next message
aconti  is currently offline aconti  United States
Messages: 113
Registered: August 2009
Senior Member
Yes I have created it in the domain GPO and anyway function level is
server 2008 so it should have worked.

So let me confirm with you what this option does exactly, It does not
let any pc/server log in if the password of the account being used is
not longer than the minimum password specified correct ?


--
aconti
------------------------------------------------------------ ------------
aconti's Profile: http://forums.techarena.in/members/73272.htm
View this thread: http://forums.techarena.in/active-directory/1259145.htm

http://forums.techarena.in
Re: Minimum password lenght GPO setting [message #288578 is a reply to message #288518] Sun, 18 October 2009 00:37 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"aconti" <aconti.408l7b@DoNotSpam.com> wrote in message
news:aconti.408l7b@DoNotSpam.com...
>
> Yes I have created it in the domain GPO and anyway function level is
> server 2008 so it should have worked.
>
> So let me confirm with you what this option does exactly, It does not
> let any pc/server log in if the password of the account being used is
> not longer than the minimum password specified correct ?
>
>
> --
> aconti


Well, there's a catch-22 here. If you are going to set a longer password
requirement, you should make sure all users have changed their passwords
first prior to setting this setting. I remembe reading a write up on this,
but can't remember where, but that was one of the nuances when trying to
increase security and password minimal requirements.

Ace
Re: Minimum password lenght GPO setting [message #289541 is a reply to message #288518] Sun, 18 October 2009 06:01 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello aconti,

Just having the functional level 2008 will not change the domain/OU based
GPO setting for password/account policy.

To set password policy on that level you have to use 'Fine grained password
policy' according to:
http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx

The password length in the GPO will be used for new created accounts and
will take in effect if the existing accounts are requested to change it(according
to the current settings) or change the password manual themself.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Yes I have created it in the domain GPO and anyway function level is
> server 2008 so it should have worked.
>
> So let me confirm with you what this option does exactly, It does not
> let any pc/server log in if the password of the account being used is
> not longer than the minimum password specified correct ?
>
> http://forums.techarena.in
>
Previous Topic:GPO vs Security Configuration and Analysis Utility
Next Topic:RODC
Goto Forum:
  


Current Time: Wed Jan 17 04:13:24 MST 2018

Total time taken to generate the page: 0.02338 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software