Multiple Password Policies?

microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late! 

Subject Author Date Multiple Password Policies? News Users 06-22-2005  Re: Multiple Password Policies? Roger Abell 06-22-2005  Re: Multiple Password Policies? S. Pidgorny 06-22-2005  Re: Multiple Password Policies? Roger Abell 06-22-2005  Re: Multiple Password Policies? Steven L Umbach 06-23-2005

Posted by News Users on June 22, 2005, 12:15 pm Please log in for more thread options I'm assuming that on the basis that a password policies is specific to the domain controller GPO that I cant set different/multiple password strengths and policies for different users? Or can I? Cheers Tim Posted by Roger Abell on June 22, 2005, 6:45 am Please log in for more thread options Within a single account realm, like a domain, you can only have variable password policies by use of custom or third-party extensions, like password filters. What is pre-built is one size fits all. However, as Slav mentioned in another thread, you can consider use of smart cards to the cases where you want strength and set the blanket policy for the rest. -- Roger Abell Microsoft MVP (Windows Security) show/hide quoted text > I'm assuming that on the basis that a password policies is specific to the > domain controller GPO that I cant set different/multiple password strengths show/hide quoted text > and policies for different users? > Or can I? > Cheers > Tim Posted by S. Pidgorny on June 22, 2005, 9:57 pm Please log in for more thread options Nope security policy is per domain -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- show/hide quoted text > I'm assuming that on the basis that a password policies is specific to the > domain controller GPO that I cant set different/multiple password strengths show/hide quoted text > and policies for different users? > Or can I? > Cheers > Tim Posted by Roger Abell on June 22, 2005, 6:43 am Please log in for more thread options Careful Slav, Security Policy is more than just Account Policy. The former can be varied, except for specific parts as the later. -- Roger show/hide quoted text > Nope security policy is per domain > -- > Svyatoslav Pidgorny, MS MVP - Security, MCSE > -= F1 is the key =- > > I'm assuming that on the basis that a password policies is specific to the show/hide quoted text > > domain controller GPO that I cant set different/multiple password > strengths > > and policies for different users? > > Or can I? > > Cheers > > Tim Posted by Steven L Umbach on June 23, 2005, 10:57 pm Please log in for more thread options For "domain" users this is only configured at the domain level - not at the domain controller container though domain controllers read the account/password policy from the domain container. Also when you configure security policy keep in mind that it is computer configuration - not user configuration. Roger's suggestions for an alternative passfilt.dll or use of smart cards would be a work around to domain policy. Smart cards for at least domain administrators [of all groups] makes a lot of sense. --- Steve http://www.altusnet.com/passfilt/ --- a third party password filter. show/hide quoted text > I'm assuming that on the basis that a password policies is specific to the > domain controller GPO that I cant set different/multiple password > strengths and policies for different users? > Or can I? > Cheers > Tim > Similar Threads Posted Can I have multiple password policies? March 19, 2007, 1:17 am Firewall setting for multiple FTP sites using multiple ports September 12, 2006, 12:35 pm What security policies effect tasklist.exe password prompt behavior? February 29, 2008, 9:29 am Multiple CAs: Selection mechanism for autoenrollment? June 16, 2005, 1:14 pm Multiple user certificate thumbprint April 19, 2006, 10:04 pm Implementing PKI infrastructure in multiple forrests January 14, 2008, 2:47 pm Multiple Event ID 1015 warnings September 16, 2009, 10:20 am Security templates, problem with multiple settings July 26, 2005, 1:50 pm Multiple Event ID 529 Errors in Server 2003 April 10, 2006, 1:34 pm Adding multiple entries for the same user with xcacls... July 19, 2007, 2:21 pm