Click here to get back home

Password Security Policy for Local on Window 2003
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Password Security Policy for Local on Window 2003 saw 03-14-2008
Posted by saw on March 14, 2008, 4:10 pm
Please log in for more thread options
 I am trying to install a software that requires that the password be less
than 8 characters, which the security policy should only be applied to the
local machine only which is the server that I am trying to install the
application on.

Your feedback and recommendation would be appreciated.



Posted by Paul Adare on March 14, 2008, 8:21 pm
Please log in for more thread options
 On Fri, 14 Mar 2008 16:10:35 -0400, saw wrote:

> I am trying to install a software that requires that the password be less
> than 8 characters, which the security policy should only be applied to the
> local machine only which is the server that I am trying to install the
> application on.
>
> Your feedback and recommendation would be appreciated.

You have two separate issues here; one which is easy to resolve, the other
is more difficult.
To have password policy apply to local accounts you simply need to set the
Group Policy in a GPO that only affects the local computer and not in the
Default Domain Security Policy GPO. The Default Domain Security Policy GPO
is the only place you can set password policy if you want it to affect all
domain accounts. So, in your case you could create an OU that only contains
the server in question and create and link a GPO there, or, create and link
a GPO to the current OU and use security filtering such that only the
server in question processes the GPO.
The second issue, requiring a maximum password length of only 8 characters
is more difficult. The default password filter doesn't allow you to set a
maximum password length, so you'll need to search for a 3rd party password
filter that will allow this.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Profanity is the one language all programmers know best.

Posted by Paul Adare on March 19, 2008, 11:03 am
Please log in for more thread options
On Sun, 16 Mar 2008 23:33:27 -0700, Roger Abell [MVP] wrote:

>> On Fri, 14 Mar 2008 16:10:35 -0400, saw wrote:
>>
>>> I am trying to install a software that requires that the password be less
>>> than 8 characters, which the security policy should only be applied to
>>> the
>>> local machine only which is the server that I am trying to install the
>>> application on.
>>>
>>> Your feedback and recommendation would be appreciated.
>>
>> You have two separate issues here; one which is easy to resolve, the other
>> is more difficult.
>> To have password policy apply to local accounts you simply need to set the
>> Group Policy in a GPO that only affects the local computer and not in the
>> Default Domain Security Policy GPO. The Default Domain Security Policy GPO
>> is the only place you can set password policy if you want it to affect all
>> domain accounts. So, in your case you could create an OU that only
>> contains
>> the server in question and create and link a GPO there, or, create and
>> link
>> a GPO to the current OU and use security filtering such that only the
>> server in question processes the GPO.
>> The second issue, requiring a maximum password length of only 8 characters
>> is more difficult. The default password filter doesn't allow you to set a
>> maximum password length, so you'll need to search for a 3rd party password
>> filter that will allow this.
>>
>
> Poster does not need to enforce a maximun password length, but
> only needs to allow a short one for this software requirement.
> What you outline for allowing machine local accounts to have
> short passwords would be sufficient, assuming a domain account
> is not needed.

Sorry but a maximum password length is exactly what the poster is looking
for. He wants to make sure that no one creates a password longer than 8
characters. If that isn't defining a max password length then I don't know
what the definition would be.


--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Those who can't write, write help files.

Posted by Roger Abell [MVP] on March 23, 2008, 2:03 am
Please log in for more thread options
> On Sun, 16 Mar 2008 23:33:27 -0700, Roger Abell [MVP] wrote:
>
>>> On Fri, 14 Mar 2008 16:10:35 -0400, saw wrote:
>>>
>>>> I am trying to install a software that requires that the password be
>>>> less
>>>> than 8 characters, which the security policy should only be applied to
>>>> the
>>>> local machine only which is the server that I am trying to install the
>>>> application on.
>>>>
>>>> Your feedback and recommendation would be appreciated.
>>>
>>> You have two separate issues here; one which is easy to resolve, the
>>> other
>>> is more difficult.
>>> To have password policy apply to local accounts you simply need to set
>>> the
>>> Group Policy in a GPO that only affects the local computer and not in
>>> the
>>> Default Domain Security Policy GPO. The Default Domain Security Policy
>>> GPO
>>> is the only place you can set password policy if you want it to affect
>>> all
>>> domain accounts. So, in your case you could create an OU that only
>>> contains
>>> the server in question and create and link a GPO there, or, create and
>>> link
>>> a GPO to the current OU and use security filtering such that only the
>>> server in question processes the GPO.
>>> The second issue, requiring a maximum password length of only 8
>>> characters
>>> is more difficult. The default password filter doesn't allow you to set
>>> a
>>> maximum password length, so you'll need to search for a 3rd party
>>> password
>>> filter that will allow this.
>>>
>>
>> Poster does not need to enforce a maximun password length, but
>> only needs to allow a short one for this software requirement.
>> What you outline for allowing machine local accounts to have
>> short passwords would be sufficient, assuming a domain account
>> is not needed.
>
> Sorry but a maximum password length is exactly what the poster is looking
> for. He wants to make sure that no one creates a password longer than 8
> characters. If that isn't defining a max password length then I don't know
> what the definition would be.
>

No excusing is needed. I see your reading.
I was blind-sided by reading it as a vendor's install requiring
that the service account must be able to have a 7 char max pwd !
Nope, never even ready it otherwise :-)

Roger



Similar ThreadsPosted
Determining Window Server 2003 Security Policy for US Office November 8, 2005, 11:19 am
local security policy on windows 2003 server April 16, 2007, 10:28 am
Local Security Policy MMC secpol.msc error on Windows Server 2003 March 9, 2007, 10:01 am
Window Server 2003 R2 x64 Std Apache/PHP/Tomcat Security January 14, 2008, 4:54 am
Windows 2003 domain password policy September 26, 2006, 9:53 pm
Accessing Local Security Policy Programatically August 3, 2006, 11:35 am
Local Security Policy "Effective Settings" September 1, 2006, 7:24 pm
Unable to Open Local Security Policy September 1, 2006, 7:26 pm
unable to view configuration from Local Security Policy June 21, 2005, 10:07 pm
Windows Server 2003 default local administrator password? January 15, 2007, 10:20 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap