|
Posted by Roger Abell [MVP] on May 14, 2008, 6:08 am
If you were Registered and logged in, you could reply and use other advanced thread options > Hello: I have an enterprise with multiple domains. The domains have
> Windows
> NT, Windows 2000 and Windows 2003.
>
> The Windows servers have software applications running as services. Most
> services have a local account and a few services have a domain account.
>
> I have a project to strengthen passwords. My goal is to implement a
> password
> complexity policy on the local and domain accounts. Is there a third-party
> product that can do this task?
>
> Thanks, Mark
It seems that you have two parts here: getting the policy in place,
and, changing passwords to meet the policy.
You only asked about the first of these.
If the complexity rules defined in Windows are sufficient, then
you can set the rules via GPO for both domain and for machine
local accounts on domain joined machines. If account policies
are set in a domain linked GPO they impact domain accounts,
while if linked to other than the domain object (i.e. an OU)
they impact the machine local accounts on computers in scope
of the GPOs application.
Now, changing the passwords is another thing, as for services
you also need to change the cached passwords the the service
control manager knows to use at service startup, so password
change needs to be coordinated.
| 
XML site map