| Author | Messages | |
decrosby
Posts:101
 | | 03/09/2010 3:22 PM |
| Question for the group. I researched legacy threads on this subject but didn't see any clear examples / strategies..If we wanted to implement a password policy beyond 14 characters say with 15 being a minimum, how do people manage that given GPO limitations.
Thanks.
Damian.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| hcoleman
Posts:129
| | 03/09/2010 3:52 PM |
| What specific GPO limitations are you referring to?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 8:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but didn't see any clear examples / strategies..If we wanted to implement a password policy beyond 14 characters say with 15 being a minimum, how do people manage that given GPO limitations.
Thanks.
Damian.
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| decrosby
Posts:101
| | 03/09/2010 3:58 PM |
| Hi,
Let me rephrase slightly..GPO appears to set a max min length to 14 characters. Does that change once the minimum password length attribute has been updated in AD to support say 15?
Thanks.
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Coleman, Hunter
Sent: 09 March 2010 15:52
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
What specific GPO limitations are you referring to?
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 8:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but didn't see any clear examples / strategies..If we wanted to implement a password policy beyond 14 characters say with 15 being a minimum, how do people manage that given GPO limitations.
Thanks.
Damian.
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| Bitzie
Posts:251
| | 03/09/2010 4:00 PM |
| That you can't set a requirement for 15 character passwords in the
native group policy.
Coleman, Hunter wrote:
>
> What specific GPO limitations are you referring to?
>
>
>
> *From:* activedir-owner@mail.activedir.org
> [mailto:activedir-owner@mail.activedir.org] *On Behalf Of *Crosby, Damian
> *Sent:* Tuesday, March 09, 2010 8:21 AM
> *To:* activedir@mail.activedir.org
> *Subject:* [ActiveDir] - 15 Character Passwords
>
>
>
> Question for the group. I researched legacy threads on this subject
> but didn't see any clear examples / strategies..If we wanted to
> implement a password policy beyond 14 characters say with 15 being a
> minimum, how do people manage that given GPO limitations.
>
>
>
> Thanks.
>
>
>
> Damian.
>
>
>
>
>
> ------------------------------------------------------------------------
>
> NOTICE: If received in error, please destroy, and notify sender.
> Sender does not intend to waive confidentiality or privilege. Use of
> this email is prohibited when received in error. We may monitor and
> store emails to the extent permitted by applicable law.
>
| | | |
| listmail
Posts:822
| | 03/09/2010 4:14 PM |
| admod -default minpwdlength::15
--
O'Reilly Active Directory Fourth Edition -
<http://www.joeware.net/win/ad4e.htm> http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 10:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but
didn't see any clear examples / strategies..If we wanted to implement a
password policy beyond 14 characters say with 15 being a minimum, how do
people manage that given GPO limitations.
Thanks.
Damian.
_____
NOTICE: If received in error, please destroy, and notify sender. Sender does
not intend to waive confidentiality or privilege. Use of this email is
prohibited when received in error. We may monitor and store emails to the
extent permitted by applicable law.
| | | |
| decrosby
Posts:101
| | 03/09/2010 4:21 PM |
| Thanks Joe (ever reliable),
This will change the setting *but* how is that then managed exposed to the user given the fact that you cant manage it via a GPO...
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of joe
Sent: 09 March 2010 16:14
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
admod -default minpwdlength::15
--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 10:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but didn't see any clear examples / strategies..If we wanted to implement a password policy beyond 14 characters say with 15 being a minimum, how do people manage that given GPO limitations.
Thanks.
Damian.
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
| listmail
Posts:822
| | 03/09/2010 4:33 PM |
| Not sure I understand the question.
Is this for domain policy? If so, then you need to manage directly through
the attribute, you will find that the GPO will be updated to reflect the
change. Alternately you can look at FGPP through PSOs.
If this is for policy on member machines separate from what the domain is
doing, this is going to be trickier, the only thing I could think of would
be to modify the policy files directly.
joe
--
O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 11:20 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
Thanks Joe (ever reliable),
This will change the setting *but* how is that then managed exposed to the
user given the fact that you cant manage it via a GPO...
Damian.
_____
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of joe
Sent: 09 March 2010 16:14
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
admod -default minpwdlength::15
--
O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 10:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but
didn't see any clear examples / strategies..If we wanted to implement a
password policy beyond 14 characters say with 15 being a minimum, how do
people manage that given GPO limitations.
Thanks.
Damian.
_____
NOTICE: If received in error, please destroy, and notify sender. Sender does
not intend to waive confidentiality or privilege. Use of this email is
prohibited when received in error. We may monitor and store emails to the
extent permitted by applicable law.
_____
NOTICE: If received in error, please destroy, and notify sender. Sender does
not intend to waive confidentiality or privilege. Use of this email is
prohibited when received in error. We may monitor and store emails to the
extent permitted by applicable law.
| | | |
| laurahcomputing
Posts:148
| | 03/09/2010 4:37 PM |
| As I recall there's a UI limitation in GPOE that doesn't allow you to
specify a minimum password age > 14.
As I also recall it's easily worked around by modifying the relevant
attribute on the domain head in ADSI Edit.
On Tue, Mar 9, 2010 at 10:51 AM, Coleman, Hunter <hcoleman@mt.gov> wrote:
> What specific GPO limitations are you referring to?
>
>
>
> From: activedir-owner@mail.activedir.org
> [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
> Sent: Tuesday, March 09, 2010 8:21 AM
> To: activedir@mail.activedir.org
> Subject: [ActiveDir] - 15 Character Passwords
>
>
>
> Question for the group. I researched legacy threads on this subject but
> didn't see any clear examples / strategies..If we wanted to implement a
> password policy beyond 14 characters say with 15 being a minimum, how do
> people manage that given GPO limitations.
>
>
>
> Thanks.
>
>
>
> Damian.
>
>
>
>
>
> ________________________________
>
> NOTICE: If received in error, please destroy, and notify sender. Sender does
> not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error. We may monitor and store emails to the
> extent permitted by applicable law.
--
-----------------------
Laura E. Hunter
Principal, LHA Consulting Incorporated (http://www.lhaconsulting.com)
Microsoft MVP, Directory Services
(https://mvp.support.microsoft.com/profile/laura)
Author, Active Directory Consultant's Field Guide (http://tinyurl.com/7f8ll)
Author, Active Directory Cookbook, Third Edition (http://tinyurl.com/7kp3ct)
| | | |
| decrosby
Posts:101
| | 03/09/2010 5:01 PM |
| No problem I will look at FGPP.
Thanks.
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of joe
Sent: 09 March 2010 16:32
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
Not sure I understand the question.
Is this for domain policy? If so, then you need to manage directly through the attribute, you will find that the GPO will be updated to reflect the change. Alternately you can look at FGPP through PSOs.
If this is for policy on member machines separate from what the domain is doing, this is going to be trickier, the only thing I could think of would be to modify the policy files directly.
joe
--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 11:20 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
Thanks Joe (ever reliable),
This will change the setting *but* how is that then managed exposed to the user given the fact that you cant manage it via a GPO...
Damian.
________________________________
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of joe
Sent: 09 March 2010 16:14
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] - 15 Character Passwords
admod -default minpwdlength::15
--
O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Crosby, Damian
Sent: Tuesday, March 09, 2010 10:21 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] - 15 Character Passwords
Question for the group. I researched legacy threads on this subject but didn't see any clear examples / strategies..If we wanted to implement a password policy beyond 14 characters say with 15 being a minimum, how do people manage that given GPO limitations.
Thanks.
Damian.
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
________________________________
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.
| | | |
|
|