[Melissa]

I have some users... i would like to be able to try and force certain users to have a harder password policy over the normal one.. any ideas..

its only for people who have extra rights and I want them to have a harder password and non guessable.

[Phoenix]

Check your PM's

[Melissa]

thanks , I think you may have mis understood.. I need to force people to have a complication without making everyone have to have it.

so some people need to have say something like

#pa55W0rD76#

I have certain users to have either a vpn login which is fotware only and some users (also some of which are vpn users) who may use a termincal server and manage their own databases on it but they need to be alot more secure.

[Starcomand]

not sure how to force ones but some paswords i use are like windows product keys lol

[Melissa]

well I dont want to force too many complications as that will result in peopel having to write them down to remember which is counter productive.

I think there is a way to change it on a persons computer but thing is what about vpn users.. i dont manage their PC and it will not affect them whatsoever.

[Chantelle]

Active Directory stick the users in a group or OU.. apply Grou policy object computer account security policy

Password policy

drill down

then enable passwords must meet complexity requirements


willl force them to have mixed characters alpha numerical and mixed caps and non plus 6 long etc etc..

make sure you apply it to their group.. then maybe in each account in AD grab them all in teh OU and select properties and make user change password on next login.

...........


brace yourself






.........





phone rings






..........


WHINGE!!!!!!!!

[Starcomand]

well i have to admit for ones like that i use my fingerprint scanner that way its programed to me only lol and saves me typeing it all the time lol

[FlapJack23]

If you force a complex one, be sure to use non-english characters like:
á or ó

[Melissa]

Thanks for the replies

I don’t understand some peoples answers?

I am not deciding anyone’s password or what they should use, neither am I changing my own or deciding how to make mine harder

I didn’t realise a finger print reader work with Active Directory? I don’t know.. not really sure ? either way if we were to get those and or smart card it would be horrendous investment when I just need a tighter password system which I can enforce for free.

It is to do with complexity , there are certain people who have access to more powers or access to certain areas and to certain things on a server .. AND there are some users who are remote connecting through vpn which we need tougher password if they are logging in through the net… I need to ensure that all their passwords are not weak and that they must use harder passwords..

I think Chantelle is right although I am having trouble getting it to work.. I put it or set it up with a test user but it sort of work.. but doesn’t.. :s

If I set up the policy I must set it up on the Unit??? And for everyone in that unit I have apply policy checked in the ACL.. now I put me in the OU and when I log in it I think does it to me straight off.. yet all the other users not. Even though I don’t want it to do it to me..

So its kinda enforcing it on me and not them which is the reverse :s

[Akimoto]

-Did someone get their password stolen?
IF yes: This would be very useful and would certenly improve protection!

ELSE
Why make things more complicated? Let's do like US do; Wait for a disaster to happen; then do something about it!

[Melissa]

No beause I want to be sensible and make a good move. The fact that people have weak passwords like "password" or pets name cliche isnt good enough for someone who can log in remotley to VPN or a Terminal server or even Intranet..

[Chantelle]

ill PM you tomorrow

its probably all down to replication..

on your local test machine

cmd

GPUPDATE

and ill explain in PM how to force replication

[Akimoto]

No beause I want to be sensible and make a good move. The fact that people have weak passwords like "password" or pets name cliche isnt good enough for someone who can log in remotley to VPN or a Terminal server or even Intranet..

@_@ Who in Satan's, God's and Akimoto's name would use "password" as password?

A suggestion would be to use letters and numbers a requirements for password... and maybe special characters such as "#" or "_" or something..

No need to make it "cômplícâtéd"!

[Phoenix]

Thanks for the replies

I don’t understand some peoples answers?

I am not deciding anyone’s password or what they should use, neither am I changing my own or deciding how to make mine harder

I didn’t realise a finger print reader work with Active Directory? I don’t know.. not really sure ? either way if we were to get those and or smart card it would be horrendous investment when I just need a tighter password system which I can enforce for free.

It is to do with complexity , there are certain people who have access to more powers or access to certain areas and to certain things on a server .. AND there are some users who are remote connecting through vpn which we need tougher password if they are logging in through the net… I need to ensure that all their passwords are not weak and that they must use harder passwords..

I think Chantelle is right although I am having trouble getting it to work.. I put it or set it up with a test user but it sort of work.. but doesn’t.. :s

If I set up the policy I must set it up on the Unit??? And for everyone in that unit I have apply policy checked in the ACL.. now I put me in the OU and when I log in it I think does it to me straight off.. yet all the other users not. Even though I don’t want it to do it to me..

So its kinda enforcing it on me and not them which is the reverse :s

I understand what your getting at here, but to be honest people don't really like restrictions. So forcing someone to have a password that (if they don't have a good memory) are likely to forget. Either that or they will just write them down and put them in their desk drawer. After working in retail, the amount of people that come into the shop and have their pin numbers on a little bit of paper within their wallet is un-real- and we are talking about 4 digits here.

I think it would probably be far easier on your behalf if you enlightened them (even by internal mail) how important having a secure password is especially when you have access to VPN etc. Then you could give them tips and advice on how to remember a secure password.

I think that might be a slightly better, less forcefull approach.

Andy~

[Melissa]

think u might be on to something there

i will have to try

thing is i kept pissing around with AD and its prob getting confused

[Chantelle]

Thanks for the replies

I don’t understand some peoples answers?

I am not deciding anyone’s password or what they should use, neither am I changing my own or deciding how to make mine harder

I didn’t realise a finger print reader work with Active Directory? I don’t know.. not really sure ? either way if we were to get those and or smart card it would be horrendous investment when I just need a tighter password system which I can enforce for free.

It is to do with complexity , there are certain people who have access to more powers or access to certain areas and to certain things on a server .. AND there are some users who are remote connecting through vpn which we need tougher password if they are logging in through the net… I need to ensure that all their passwords are not weak and that they must use harder passwords..

I think Chantelle is right although I am having trouble getting it to work.. I put it or set it up with a test user but it sort of work.. but doesn’t.. :s

If I set up the policy I must set it up on the Unit??? And for everyone in that unit I have apply policy checked in the ACL.. now I put me in the OU and when I log in it I think does it to me straight off.. yet all the other users not. Even though I don’t want it to do it to me..

So its kinda enforcing it on me and not them which is the reverse :s

I understand what your getting at here, but to be honest people don't really like restrictions. So forcing someone to have a password that (if they don't have a good memory) are likely to forget. Either that or they will just write them down and put them in their desk drawer. After working in retail, the amount of people that come into the shop and have their pin numbers on a little bit of paper within their wallet is un-real- and we are talking about 4 digits here.

I think it would probably be far easier on your behalf if you enlightened them (even by internal mail) how important having a secure password is especially when you have access to VPN etc. Then you could give them tips and advice on how to remember a secure password.

I think that might be a slightly better, less forcefull approach.

Andy~

The idea of policy isnt to go god like

these people will more than likely be informed but it is a measure to make sure they are not causing a potetnial security breach. Since if alot of people have weak passwords and stuff some people can esaily log in internally to areas they shoudlnt if they knew.

Asking people doesnt really work, its now her responsibility to secure the netowrk.. if she is wise she will explain what she is doing as its common courtesey.. but Group policy is there for that reason.. and its in her hands needs to explain it and make sure it happens..



Mel if your having replication trouble on the servers just go AD sites and services and NTSD I think um each force replication now between Domian Controllers

remember block or deny in the ACL apply policy to your admin group

[Melissa]

I think I got it sussed... I think anyway... ill try it tomorrow then ill just move them into the OU group..

I am not saying you must have a password like extremeely complicated but I am merely enforcing that these select users who have priviledges and such need to be secured..

While I am still apprentice.. he ownasis falls down on me.. If it is goin to be my responsibility .. and if it is my system to protect they will do what is asked of them... I have tried and will try to keep a good relationship with users and hope they understand why things are done for a reason.