PowerGUI Community : Fine-Grained Password Policies:
http://powergui.org/entry.jspa?externalID=882&categoryID=46

Command line, no native gui, but yes, Win2k8 will support fine grained
password policies.

James D. Stallard wrote:
> I know we've wandered a little of topic here, but to expand on Thor HoGs
> point:
>
> If you apply a password policy GPO to the domain, it will apply only to
> accounts authenticated on the domain.
>
> If you apply a password policy GPO to an OU (that contains machine
> accounts), it will apply only to local user accounts created on the machines
> in that, and subordinate OUs.
>
> It has always been said that if you want different password policies for
> different users you need to put them in different domains, either in the
> same, or different forests. I believe (but can't test it at the moment) that
> this annoyance has been addressed in Windows 2008 such that password
> policies can be applied per OU that will only affect the users accounts in
> those OUs.
>
> Cheers
>
> James
>
> James D. Stallard, MIoD
> Infrastructure Technical Architect
> Web: www.leafgrove.com
> LinkedIn: www.linkedin.com/in/jamesdstallard
>
>
>
>
>
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
> Behalf Of Thor (Hammer of God)
> Sent: 15 August 2007 21:45
> To: Bean, John (DSHS); dubaisans dubai; focus-ms (at) securityfocus (dot) com [email concealed]
> Cc: Knowlton, Jay (DSHS/ISSD)
> Subject: RE: Password complexity - improvement
>
> Correct- GPO allows you to specify whether "passwords must meet complexity
> requirements" or not. But the actual "complexity requirement"
> itself is dictated by passfilt.dll, which lives on the DC that the user
> authenticates against when a password is set or changed. If you don't push
> out your custom passfilt.dll to all controllers, then the "default"
> passfilt.dll will be used when users change or set passwords on those
> controllers (the ones not customized). So, in that respect, it's not
> actually at the "domain level," but rather, at the "controller level."
>
> t
>
> ------------
> veni, vidi, veni denuo
>
>
>
>
>
>
>
>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed]
>> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Bean, John (DSHS)
>> Sent: Wednesday, August 15, 2007 9:25 AM
>> To: dubaisans dubai; focus-ms (at) securityfocus (dot) com [email concealed]
>> Cc: Knowlton, Jay (DSHS/ISSD)
>> Subject: RE: Password complexity - improvement
>>
>>
>>
>> It is my understanding that your request to enforce all four
>>
> properties
>
>> can only be enforced on the domain level. There is no way to have one
>> password complexity policy on the domain level and a second more
>> password complexity policy on a child OU.
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed]
>> [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of dubaisans dubai
>> Sent: Tuesday, August 14, 2007 11:15 PM
>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: Password complexity - improvement
>>
>> Is there a way to improve the password complexity requirements in
>> Windows 2000/2003 servers
>>
>> The default will enforce 3 of the following 4 properties - Uppercase,
>> smallercase, numbers, special-characters.
>>
>> Is there a way to enforce all 4 properties. I donot want to install
>> third-party software
>>
>> I have read about customising passfilt.dll . Is that recommended. Does
>> MS provide a customised passfilt.dll for download and install.
>>
>> Are there any support issues if I go for something like this ?
>>
>>
>
>
>
>
>

[ reply ]