policy

Toggle sidebar Toggle sidebar
R

RH

Distinguished
Apr 16, 2004
39
0
18,530
Archived from groups: microsoft.public.win2000.group_policy (More info?)

This is a cross post since I didn't know whether Group
Policy or Active Directory newsgroups would be most
appropriate: On a W2K domain, I know I can set password
complexity, minimum length, expiration, etc. via domain
policy. My
question is which takes precedence: a) domain policy or
b) the check box on an individual user account
properties>account next to the "password never expires"?
If the check box overides domain policy, what about
password complexity in the policy? Is that passed down
to the user requiring complex password that then does not
expire? TIA. Ron
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

As far as I understand it, the "Password never expires"
checkbox will, if checked not enforce the
complexity 'rule' because that's something that would be
checked when the password is created/changed.

I would think if you:
made an account
gave it a password of one character
checked the never expire checkbox
THEN edit the domain policy to config:
complexity and length

You would still be able to use the account with a one
character password.

However, if you create a user after doing all this, you
would be subject to the domain policy and would have to
give it a 'complex' password, meeting your length
requirements... but it would not be subject to the
password expiring with the checkbox checked.

How confusing was I?... HTH

Ken
>-----Original Message-----
>This is a cross post since I didn't know whether Group
>Policy or Active Directory newsgroups would be most
>appropriate: On a W2K domain, I know I can set password
>complexity, minimum length, expiration, etc. via domain
>policy. My
>question is which takes precedence: a) domain policy or
>b) the check box on an individual user account
>properties>account next to the "password never expires"?
>If the check box overides domain policy, what about
>password complexity in the policy? Is that passed down
>to the user requiring complex password that then does
not
>expire? TIA. Ron
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks, Ken.
>-----Original Message-----
>As far as I understand it, the "Password never expires"
>checkbox will, if checked not enforce the
>complexity 'rule' because that's something that would be
>checked when the password is created/changed.
>
>I would think if you:
> made an account
> gave it a password of one character
> checked the never expire checkbox
> THEN edit the domain policy to config:
> complexity and length
>
>You would still be able to use the account with a one
>character password.
>
>However, if you create a user after doing all this, you
>would be subject to the domain policy and would have to
>give it a 'complex' password, meeting your length
>requirements... but it would not be subject to the
>password expiring with the checkbox checked.
>
>How confusing was I?... HTH
>
>Ken
>>-----Original Message-----
>>This is a cross post since I didn't know whether Group
>>Policy or Active Directory newsgroups would be most
>>appropriate: On a W2K domain, I know I can set password
>>complexity, minimum length, expiration, etc. via domain
>>policy. My
>>question is which takes precedence: a) domain policy
or
>>b) the check box on an individual user account
>>properties>account next to the "password never
expires"?
>>If the check box overides domain policy, what about
>>password complexity in the policy? Is that passed down
>>to the user requiring complex password that then does
>not
>>expire? TIA. Ron
>.
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom