Password Policy
I have been working in IT ina helpdesk capacity for a few years and have been asked my my management team to implement a password policy for up to 1500 people.I need to propose a solution that will be used across all operating systems on site. To my knowledge we currently have 114 servers mainly using windows but also SLES and Solaris 10. All of the windows clients and servers are on Active Directory and my first plan was to bring the Unix and Linux clients and servers onto the AD using quest or something similar and then once these are domained apply a password policyacross the domain. I am not really familiar with an enterprise password policy and am looking for some ideas on how I canmaybe implementsingle sign on for client passwords (as they currently have several passwords to remember) and then have a higher level logon for the helpdesk to do day to day admin work on the servers for password resets and user creation, etc, and then some sort of high level password which would be locked in a safe that would only be used for either server maintenance and/or server configuration.Any ideas or help would be greatly appreciated.
May 26th, 2009 2:28pm

Hello,Your plan is good, that is to move non windows servers to AD and then use Group policy to implement a domain wide password policy. You single sign on password policy will depend on the apps that are currently being used in your environment..You can get an API/AD integration for the apps for single signon. For help desk administration, you can create two accounts..regular user LAN account and a priviledge account for administration..Isaac Oben MCITP:EA, MCSE
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2009 6:27am

Hi, As far as I know, Active Directory doesnt support Non Windows clients. If you need apply Password Policy to Unix or Linux clients, you may need third party products. Regarding Single sign on, its enabled in AD. All AD User should be able visit AD resource directly. Please let us know more about "as they currently have several passwords to remember", one for Windows logon, what are other passwords for? For your reference: Windows Domain Password Policies http://technet.microsoft.com/en-us/magazine/cc137749.aspx Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
May 27th, 2009 10:20am

Hi munich99....if you have a bit of ease on programming i recommend you do a custom function using the old adage "passfilt.dll" also some of the function wrappers specific to the domain can be programmed....give a shot referring to the link below:http://msdn.microsoft.com/en-us/library/ms721849(VS.85).aspx#password_filter_functionsif you have any questions please do post it and also your feedback...Regards, KOWSHAL H.M. a.k.a W@R10CK
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 2:26am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics