Security Basics mailing list archives
Re: Changing the domain password policy
From: Raoul Armfield <armfield () amnh org>
Date: Tue, 06 Feb 2007 09:47:19 -0500
Mike Devlin wrote:
yes, you are right that if you change the password complexity requirements/minimum length, all the accounts that don't meet the new requirements are fine until their password expires or is forced to rotate. I suppose that if you wanted to be extra safe, you could make a policy just for the service accounts, and have a different set of password requirements for these accounts, and have the default domain policy have the stronger password complexity settings.
The thing is though that you can only have one password policy in a given domain. So any thing that deviates form the norm needs to be done as an administrative policy but can not be enforced by the DCs unless you create a child domain specifically for the accounts that need the higher complexity.
Raoul -- Raoul Armfield rarmfield at amnh dot org
Current thread:
- Changing the domain password policy Gary Collis (Feb 02)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Scott Ramsdell (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Depp, Dennis M. (Feb 02)
- Re: Changing the domain password policy Mike Devlin (Feb 02)
- Re: Re: Changing the domain password policy David Grant (Feb 05)
- Re: Changing the domain password policy Raoul Armfield (Feb 06)
- <Possible follow-ups>
- Re: Changing the domain password policy krymson (Feb 02)
- Re: Changing the domain password policy test (Feb 07)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)