Hello all!
I need help regarding Password Management Policies, please!
So, think in the scenario where we have the AD domain, with some GPOs and default domain policy. No any password checking, requirement, etc... configured...
I know that a good practice is to create another GPO specific for password management, right? And do not editing the default, right?
So well, my user can use "123" as password, no validation, no enforcement, no lockout, nothing. everything working fine, without security :)
Now, I create a new GPO for security and make it applied to my users, with password length 8 char, 60 days for renew, 5 last for historic not use again, make complex with numbers, letters, special, etc...
And, I noticed that when my users block the computer for lunch, for example, when they come back to access, the account is locked. is this right? is there any way to prevent this issue? I noticed that some user that have the password like 123 or abc123 received locked and some others are not.
Any suggestion or ideas to make it working very transparent, soft to me and my users?
Thanks,
Diego
- Edited by Diego - dimago Saturday, September 12, 2015 3:00 AM