Password complexity

M

Mark S

Hello: I have an enterprise with multiple domains. The domains have Windows
NT, Windows 2000 and Windows 2003.

The Windows servers have software applications running as services. Most
services have a local account and a few services have a domain account.

I have a project to strengthen passwords. My goal is to implement a password
complexity policy on the local and domain accounts. Is there a third-party
product that can do this task?

Thanks, Mark
 
D

Daniel Petri

Using GPO and Local Policies will only have effect on Post-Windows 2000
machines. Question is do you need specific password complexity requirements,
or is an X number of characters enough? If you do need specific conplexity
that is not provided out of the box, you will need to either buy, obtain, or
create your own password filter. Google a bit about it. In the meantime look
at Password Policy Enforcer at http://anixis.com/products/ppe.

Daniel Petri
www.petri.co.il


"Mark S" <MarkS@discussions.microsoft.com> wrote in message
news:2A568C0C-1828-4F78-A2DB-3985FE468C8F@microsoft.com...
> Hello: I have an enterprise with multiple domains. The domains have
> Windows
> NT, Windows 2000 and Windows 2003.
>
> The Windows servers have software applications running as services. Most
> services have a local account and a few services have a domain account.
>
> I have a project to strengthen passwords. My goal is to implement a
> password
> complexity policy on the local and domain accounts. Is there a third-party
> product that can do this task?
>
> Thanks, Mark
 
R

Roger Abell [MVP]

"Mark S" <MarkS@discussions.microsoft.com> wrote in message
news:2A568C0C-1828-4F78-A2DB-3985FE468C8F@microsoft.com...
> Hello: I have an enterprise with multiple domains. The domains have
> Windows
> NT, Windows 2000 and Windows 2003.
>
> The Windows servers have software applications running as services. Most
> services have a local account and a few services have a domain account.
>
> I have a project to strengthen passwords. My goal is to implement a
> password
> complexity policy on the local and domain accounts. Is there a third-party
> product that can do this task?
>
> Thanks, Mark

It seems that you have two parts here: getting the policy in place,
and, changing passwords to meet the policy.
You only asked about the first of these.
If the complexity rules defined in Windows are sufficient, then
you can set the rules via GPO for both domain and for machine
local accounts on domain joined machines. If account policies
are set in a domain linked GPO they impact domain accounts,
while if linked to other than the domain object (i.e. an OU)
they impact the machine local accounts on computers in scope
of the GPOs application.
Now, changing the passwords is another thing, as for services
you also need to change the cached passwords the the service
control manager knows to use at service startup, so password
change needs to be coordinated.
 
You must log in or register to reply here.

Similar threads

R
Local password policy is off; password does not meet complexity requirements
Replies
0
Views
59
Rob_723
R
D
Windows LAPS didn't match password complexity and Password is now showing on the LAPS UI.
Replies
0
Views
40
DaveyIC
D
J
I am locked out of my laptop. Do I have a virus?
Replies
0
Views
25
Julia Perin
J
D
Missing GPO for LAPs
Replies
0
Views
51
dbnumberiv
D
R
New accounts default to "Password never expires"
Replies
0
Views
40
RussellH_900
R
Back
Top Bottom