Understanding Password Policies

re: Understanding Password Policies

wmcglinn — Wed, 20 May 2009 04:37:57 GMT

Nice corrections Randy, thanks :) I have a question on Fine-Grained Password Policies: If I apply a PSO to my IT_Admin group, do I also *have* to create another PSO for my Domain Users, or do they pick up the Default Domain Policy? The documentation isn't quite as clear as I'd like.

"If you do not create fine-grained password policies for different sets of users, the Default Domain Policy settings apply to all users in the domain, just as they do in Windows 2000 and Windows Server 2003."

re: Understanding Password Policies

Randy Turner — Wed, 20 May 2009 20:10:00 GMT

No, you do not have to create a separate PSO for domain users. Any user not associated with a PSO will get the Default Domain Password Policy.

re: Understanding Password Policies

wmcglinn — Thu, 21 May 2009 06:26:09 GMT

Thanks mate! Give Ned a poke next you see him from me :)

re: Understanding Password Policies

NedPyle — Thu, 21 May 2009 16:05:47 GMT

Oy! No poking of the Ned, Kyle. :-)

BlogMS Weekly Articles Published – 18th May to 24th May

BlogMS - Official Microsoft Team Blogs — Mon, 25 May 2009 14:01:52 GMT

242 Microsoft Team blogs searched, 113 blogs have new articles in the past 7 days. 292 new articles found

re: Understanding Password Policies

smullen — Fri, 29 May 2009 16:29:46 GMT

Thanks for the article and the link to the Account Lockout Best Practices Whitepaper. Two comments on the whitepaper:

1) It needs to have a date.

2) It needs to be updated. Remove anything pre-Server 2003 and include server 2008 information.

The Strange Case of Unenforced Password Complexity

Ask the Directory Services Team — Wed, 17 Jun 2009 17:13:18 GMT

Hello everyone, David Everett and Scott Goad here to discuss a recent issue that we thought you might