How to set specific password policy to specific users to specific workstations?

How to set specific password policy to specific users to specific workstations?

Post by tsztu » Sun, 24 May 2009 09:05:13


So I want to set a new policy for specific domain users and/or on
specific workstations.
The reason for not doing it domain wide all at once is because I want
to test the enviroment and slow add users to the new policy to make
the transition smoother.

Can I create a security policy and add this policy on a per user (or
group) basis?

Also, once I set this policy and if the user(s) do not meet this after
logging on will it ask to re-enter a new password or does this only
affect new users or users that try changing their passwords again?

TIA!

t.
 
 
 

How to set specific password policy to specific users to specific workstations?

Post by Meinolf We » Sun, 24 May 2009 18:28:19

Hello XXXX@XXXXX.COM ,

If you use OS prior 2008 you can't do it with MS, password policy MUST be
set on domain level. If you find some 3rd party tool, it's the only way.

In 2008 you can use Fine grained password policies:
http://www.yqcomputer.com/

http://www.yqcomputer.com/

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.yqcomputer.com/

 
 
 

How to set specific password policy to specific users to specific workstations?

Post by Tom » Mon, 25 May 2009 00:10:03

Thanks Meinolf,

What will happen when users try logging on after I set the domain wide
security policy?
Will it ask them to re-type in a new password when they try logging on
again if their current password is not strong enough? Or will it stay
the same and the policy only kicks into place once they try changing
their passwords or if I select "Change password at next logon" ?

will this affect an Administrator password? is there any chance the
domain Administrator would be locked out after applying these changes?


thanks.
 
 
 

How to set specific password policy to specific users to specific workstations?

Post by Meinolf We » Mon, 25 May 2009 02:44:53

Hello Tom,

The changes apply at the next change interval or when the user changes the
password themself. So not directly if they logon the next time.

No, the administrator will not be locked out because you change the policy,
of course you must reset it all places where the administrator account was
used for. Hopefully you did use service accounts instead of using always
the administrator.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.yqcomputer.com/