|
Posted by Vincent Hsieh on December 26, 2006, 7:37 pm
Please log in for more thread options
Hi there,
I would like to change password policy on NT 2 server that is windows 2003.
NT 2 was joined
to domain NT 1. I don't want to change the whole domain password policy. I
only
want to change NT 2 password policy.
Then I follow the following procedures from Windows 2003 server help:
=================================================================
For a domain, and you are on a member server or a workstation that is joined
to the domain
1.
Open Microsoft Management Console (MMC).
2.
On the File menu, click Add/Remove Snap-in, and then click Add.
3.
Click Group Policy Object Editor, and then click Add.
4.
In Select Group Policy Object, click Browse.
5.
In Browse for a Group Policy Object, select a Group Policy object (GPO)
in the appropriate domain, site, or organizational unit--or create a new
one, click OK, and then click Finish.
6.
Click Close, and then click OK.
7.
In the console tree, click Password Policy.
Where?
. Group Policy Object [computer name] Policy/Computer
Configuration/Windows Settings/Security Settings/Account Policies/Password
Policy
8.
In the details pane, right-click the policy setting that you want, and
then click Properties.
9.
If you are defining this policy setting for the first time, select the
Define this policy setting check box.
10.
Select the options that you want, and then click OK.
=================================================================
When I right click "Mininum policy length", it is still grey out.
Could you tell me why it is grey out?
Now I have set up the domain password policy on NT 1 server, will it
override NT 2 password policy
and do not allow to change NT 2 password polciy?
Thank you,
Vincent
|
|
Posted by Danny Sanders on December 27, 2006, 10:29 am
Please log in for more thread options
A Windows 2003 domain can only have one account policy.
hth
DDS
show/hide quoted text
> Hi there,
> I would like to change password policy on NT 2 server that is windows
> 2003.
> NT 2 was joined
> to domain NT 1. I don't want to change the whole domain password policy. I
> only
> want to change NT 2 password policy.
> Then I follow the following procedures from Windows 2003 server help:
> =================================================================
> For a domain, and you are on a member server or a workstation that is
> joined
> to the domain
> 1.
> Open Microsoft Management Console (MMC).
> 2.
> On the File menu, click Add/Remove Snap-in, and then click Add.
> 3.
> Click Group Policy Object Editor, and then click Add.
> 4.
> In Select Group Policy Object, click Browse.
> 5.
> In Browse for a Group Policy Object, select a Group Policy object
> (GPO)
> in the appropriate domain, site, or organizational unit--or create a new
> one, click OK, and then click Finish.
> 6.
> Click Close, and then click OK.
> 7.
> In the console tree, click Password Policy.
> Where?
> . Group Policy Object [computer name] Policy/Computer
> Configuration/Windows Settings/Security Settings/Account Policies/Password
> Policy
> 8.
> In the details pane, right-click the policy setting that you want, and
> then click Properties.
> 9.
> If you are defining this policy setting for the first time, select the
> Define this policy setting check box.
> 10.
> Select the options that you want, and then click OK.
> =================================================================
> When I right click "Mininum policy length", it is still grey out.
> Could you tell me why it is grey out?
> Now I have set up the domain password policy on NT 1 server, will it
> override NT 2 password policy
> and do not allow to change NT 2 password polciy?
> Thank you,
> Vincent
>
|
|
Posted by Vincent Hsieh on December 27, 2006, 12:44 pm
Please log in for more thread options Hello DDS,
Thank you for your help.
If I set up a domain account policy, then can I disable
account policy on a computer that is under this domain?
Vincent
show/hide quoted text
> A Windows 2003 domain can only have one account policy.
> hth
> DDS
> > Hi there,
> > I would like to change password policy on NT 2 server that is windows
> > 2003.
> > NT 2 was joined
> > to domain NT 1. I don't want to change the whole domain password policy.
I
show/hide quoted text
> > only
> > want to change NT 2 password policy.
> > Then I follow the following procedures from Windows 2003 server help:
> > =================================================================
> > For a domain, and you are on a member server or a workstation that is
> > joined
> > to the domain
> > 1.
> > Open Microsoft Management Console (MMC).
> > 2.
> > On the File menu, click Add/Remove Snap-in, and then click Add.
> > 3.
> > Click Group Policy Object Editor, and then click Add.
> > 4.
> > In Select Group Policy Object, click Browse.
> > 5.
> > In Browse for a Group Policy Object, select a Group Policy object
> > (GPO)
> > in the appropriate domain, site, or organizational unit--or create a new
> > one, click OK, and then click Finish.
> > 6.
> > Click Close, and then click OK.
> > 7.
> > In the console tree, click Password Policy.
> > Where?
> > . Group Policy Object [computer name] Policy/Computer
> > Configuration/Windows Settings/Security Settings/Account
Policies/Password
show/hide quoted text
> > Policy
> > 8.
> > In the details pane, right-click the policy setting that you want,
and
show/hide quoted text
> > then click Properties.
> > 9.
> > If you are defining this policy setting for the first time, select
the
show/hide quoted text
> > Define this policy setting check box.
> > 10.
> > Select the options that you want, and then click OK.
> > =================================================================
> > When I right click "Mininum policy length", it is still grey out.
> > Could you tell me why it is grey out?
> > Now I have set up the domain password policy on NT 1 server, will
it
show/hide quoted text
> > override NT 2 password policy
> > and do not allow to change NT 2 password polciy?
> > Thank you,
> > Vincent
|
|
Posted by Joe Richards [MVP] on December 27, 2006, 11:09 am
Please log in for more thread options The password policy for domain accounts is currently domain wide. You
cannot do what you are describing without third party tools or multiple
domains.
The question I have though is why would you want to... This would lead
to a very inconsistent environment.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Vincent Hsieh wrote:
show/hide quoted text
> Hi there,
> I would like to change password policy on NT 2 server that is windows 2003.
> NT 2 was joined
> to domain NT 1. I don't want to change the whole domain password policy. I
> only
> want to change NT 2 password policy.
>
> Then I follow the following procedures from Windows 2003 server help:
> =================================================================
> For a domain, and you are on a member server or a workstation that is joined
> to the domain
> 1.
> Open Microsoft Management Console (MMC).
>
> 2.
> On the File menu, click Add/Remove Snap-in, and then click Add.
>
> 3.
> Click Group Policy Object Editor, and then click Add.
>
> 4.
> In Select Group Policy Object, click Browse.
>
> 5.
> In Browse for a Group Policy Object, select a Group Policy object (GPO)
> in the appropriate domain, site, or organizational unit--or create a new
> one, click OK, and then click Finish.
>
> 6.
> Click Close, and then click OK.
>
> 7.
> In the console tree, click Password Policy.
>
> Where?
>
> . Group Policy Object [computer name] Policy/Computer
> Configuration/Windows Settings/Security Settings/Account Policies/Password
> Policy
>
>
> 8.
> In the details pane, right-click the policy setting that you want, and
> then click Properties.
>
> 9.
> If you are defining this policy setting for the first time, select the
> Define this policy setting check box.
>
> 10.
> Select the options that you want, and then click OK.
>
> =================================================================
>
> When I right click "Mininum policy length", it is still grey out.
> Could you tell me why it is grey out?
> Now I have set up the domain password policy on NT 1 server, will it
> override NT 2 password policy
> and do not allow to change NT 2 password polciy?
>
> Thank you,
> Vincent
>
>
>
>
>
>
>
>
>
>
>
|
|
Posted by Vincent Hsieh on December 27, 2006, 12:56 pm
Please log in for more thread options Hello Joe,
Thank you for your quick help.
When you said "domain wide", I don't really understand it. For example,
can I have a domain account policy, then I would like to disable the
account policy on a computer under this domain. Is it possible to do
that?
Can you tell me the precedence sequence on the password policy about
domain server and a computer that is under this domain?
Thank you,
Vincent
show/hide quoted text
> The password policy for domain accounts is currently domain wide. You
> cannot do what you are describing without third party tools or multiple
> domains.
> The question I have though is why would you want to... This would lead
> to a very inconsistent environment.
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
> ---O'Reilly Active Directory Third Edition now available---
> http://www.joeware.net/win/ad3e.htm
> Vincent Hsieh wrote:
> > Hi there,
> > I would like to change password policy on NT 2 server that is windows
2003.
show/hide quoted text
> > NT 2 was joined
> > to domain NT 1. I don't want to change the whole domain password policy.
I
show/hide quoted text
> > only
> > want to change NT 2 password policy.
> > Then I follow the following procedures from Windows 2003 server help:
> > =================================================================
> > For a domain, and you are on a member server or a workstation that is
joined
show/hide quoted text
> > to the domain
> > 1.
> > Open Microsoft Management Console (MMC).
> > 2.
> > On the File menu, click Add/Remove Snap-in, and then click Add.
> > 3.
> > Click Group Policy Object Editor, and then click Add.
> > 4.
> > In Select Group Policy Object, click Browse.
> > 5.
> > In Browse for a Group Policy Object, select a Group Policy object
(GPO)
show/hide quoted text
> > in the appropriate domain, site, or organizational unit--or create a new
> > one, click OK, and then click Finish.
> > 6.
> > Click Close, and then click OK.
> > 7.
> > In the console tree, click Password Policy.
> > Where?
> > . Group Policy Object [computer name] Policy/Computer
> > Configuration/Windows Settings/Security Settings/Account
Policies/Password
show/hide quoted text
> > Policy
> > 8.
> > In the details pane, right-click the policy setting that you want,
and
show/hide quoted text
> > then click Properties.
> > 9.
> > If you are defining this policy setting for the first time, select
the
show/hide quoted text
> > Define this policy setting check box.
> > 10.
> > Select the options that you want, and then click OK.
> > =================================================================
> > When I right click "Mininum policy length", it is still grey out.
> > Could you tell me why it is grey out?
> > Now I have set up the domain password policy on NT 1 server, will
it
show/hide quoted text
> > override NT 2 password policy
> > and do not allow to change NT 2 password polciy?
> > Thank you,
> > Vincent
|
| Similar Threads | Posted | | Security Policy Can't be apply | January 28, 2008, 11:37 pm |
| URGENT: Windows XP does not apply custom template policy | October 9, 2008, 2:09 pm |
| Failed to apply User Policy from GPO on Windows XP. Event ID 1086 | October 10, 2008, 1:34 am |
| how to limit users in group administrators to modify administor's password and groups in windows 2003 server | September 22, 2009, 5:37 am |
| GPO - password policy - Urgent | February 2, 2006, 11:34 am |
| Server password age - without a policy | May 7, 2006, 9:33 pm |
| Password Policy require server restart | March 11, 2006, 9:37 am |
| Windows 2003 domain password policy | September 26, 2006, 9:53 pm |
| Password Security Policy for Local on Window 2003 | March 14, 2008, 4:10 pm |
| Re: Password management policy when an admin left the company ? | June 8, 2009, 10:00 am |
|
XML Sitemap
> I would like to change password policy on NT 2 server that is windows
> 2003.
> NT 2 was joined
> to domain NT 1. I don't want to change the whole domain password policy. I
> only
> want to change NT 2 password policy.
> Then I follow the following procedures from Windows 2003 server help:
> =================================================================
> For a domain, and you are on a member server or a workstation that is
> joined
> to the domain
> 1.
> Open Microsoft Management Console (MMC).
> 2.
> On the File menu, click Add/Remove Snap-in, and then click Add.
> 3.
> Click Group Policy Object Editor, and then click Add.
> 4.
> In Select Group Policy Object, click Browse.
> 5.
> In Browse for a Group Policy Object, select a Group Policy object
> (GPO)
> in the appropriate domain, site, or organizational unit--or create a new
> one, click OK, and then click Finish.
> 6.
> Click Close, and then click OK.
> 7.
> In the console tree, click Password Policy.
> Where?
> . Group Policy Object [computer name] Policy/Computer
> Configuration/Windows Settings/Security Settings/Account Policies/Password
> Policy
> 8.
> In the details pane, right-click the policy setting that you want, and
> then click Properties.
> 9.
> If you are defining this policy setting for the first time, select the
> Define this policy setting check box.
> 10.
> Select the options that you want, and then click OK.
> =================================================================
> When I right click "Mininum policy length", it is still grey out.
> Could you tell me why it is grey out?
> Now I have set up the domain password policy on NT 1 server, will it
> override NT 2 password policy
> and do not allow to change NT 2 password polciy?
> Thank you,
> Vincent
>