Simple question on Password Policy

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Good Morning, All ~

I have a simple question, probably more like a stupid one, but here it goes.
:) Everything I have read states that password policies are on the computer
side. What do you do if you have between 60 to 80 users connecting to a
terminal server with thin clients?

I just don't understand how a password policy can be in effect for these
users. Your help is greatly appreciated!!

Sunnie
3 answers Last reply
More about simple question password policy
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    You are correct that the password policy settings are in the computer config
    portion of Group Policy. This is to ensure that all the domain controllers
    read the same settings. When the users logon to the terminal server, they
    user a password that is authenticated by the DC's which will abide by the
    password policy.
    If this is a stand alone machine the the TS would take the place of the DC.

    --
    James Brandt [MSFT]


    "Sunnie" <Sunnie@discussions.microsoft.com> wrote in message
    news:EF317F8D-38D0-47C1-B84E-1BF71B27AF33@microsoft.com...
    > Good Morning, All ~
    >
    > I have a simple question, probably more like a stupid one, but here it
    > goes.
    > :) Everything I have read states that password policies are on the
    > computer
    > side. What do you do if you have between 60 to 80 users connecting to a
    > terminal server with thin clients?
    >
    > I just don't understand how a password policy can be in effect for these
    > users. Your help is greatly appreciated!!
    >
    > Sunnie
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    My question is more on permissions and securities. Do I add users/OU's under
    the securities area so that the users are forced to change their passwords,
    or do I add computers? Because adding computers makes no sense to me, since
    it's actually a password for the user and not the computer. Does my
    confusion make any sense? :-)

    "jabrandt@online.microsoft.com" wrote:

    > You are correct that the password policy settings are in the computer config
    > portion of Group Policy. This is to ensure that all the domain controllers
    > read the same settings. When the users logon to the terminal server, they
    > user a password that is authenticated by the DC's which will abide by the
    > password policy.
    > If this is a stand alone machine the the TS would take the place of the DC.
    >
    > --
    > James Brandt [MSFT]
    >
    >
    > "Sunnie" <Sunnie@discussions.microsoft.com> wrote in message
    > news:EF317F8D-38D0-47C1-B84E-1BF71B27AF33@microsoft.com...
    > > Good Morning, All ~
    > >
    > > I have a simple question, probably more like a stupid one, but here it
    > > goes.
    > > :) Everything I have read states that password policies are on the
    > > computer
    > > side. What do you do if you have between 60 to 80 users connecting to a
    > > terminal server with thin clients?
    > >
    > > I just don't understand how a password policy can be in effect for these
    > > users. Your help is greatly appreciated!!
    > >
    > > Sunnie
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    The password policy is enforced by whatever computer owns the user account.

    While it is "users" (people) that are affected, password policy is computer
    wide; you can't set it differently for different sets of user accounts
    "owned" by the same computer.

    In a domain, the password policy is usually (in my experience anyway) in the
    Default Domain policy so that it is enforced by all domain member computers
    and domain controller computers. For domain user accounts, it is the domain
    controllers that "own" the user accounts and thus (the domain controller
    computers that) enforce the password policy for the domain (as stated by
    James). For local user accounts on domain member computers (servers or
    workstations), those computers enforce whatever password policy applies to
    them (based on whatever GPOs are linked to or inherited by the OU they are
    in), which is normally the one in the Default Domain Policy.

    For computers that are not in a domain at all, each individual computer
    enforces whatever password policy is in affect on it to user accounts that
    it owns (e.g. all local user accounts).

    For a Terminal Server, if it is a Domain Member, the Default Domain policy
    will (normally) apply to it and thus it will enforce the Default Domain
    Policy's password policy (if there is one - which is pretty normal) for it's
    local user accounts. If you need to, you could presumably apply a different
    password policy to a member (Terminal) Server (for local user accounts that
    it "owns"), but I guess I don't understand why one would want to do that.


    --
    Bruce Sanderson MVP

    It is perfectly useless to know the right answer to the wrong question.


    "Sunnie" <Sunnie@discussions.microsoft.com> wrote in message
    news:00CBAB9D-E7A1-4B03-8595-C8FB2B17C3F5@microsoft.com...
    > My question is more on permissions and securities. Do I add users/OU's
    > under
    > the securities area so that the users are forced to change their
    > passwords,
    > or do I add computers? Because adding computers makes no sense to me,
    > since
    > it's actually a password for the user and not the computer. Does my
    > confusion make any sense? :-)
    >
    > "jabrandt@online.microsoft.com" wrote:
    >
    >> You are correct that the password policy settings are in the computer
    >> config
    >> portion of Group Policy. This is to ensure that all the domain
    >> controllers
    >> read the same settings. When the users logon to the terminal server,
    >> they
    >> user a password that is authenticated by the DC's which will abide by the
    >> password policy.
    >> If this is a stand alone machine the the TS would take the place of the
    >> DC.
    >>
    >> --
    >> James Brandt [MSFT]
    >>
    >>
    >> "Sunnie" <Sunnie@discussions.microsoft.com> wrote in message
    >> news:EF317F8D-38D0-47C1-B84E-1BF71B27AF33@microsoft.com...
    >> > Good Morning, All ~
    >> >
    >> > I have a simple question, probably more like a stupid one, but here it
    >> > goes.
    >> > :) Everything I have read states that password policies are on the
    >> > computer
    >> > side. What do you do if you have between 60 to 80 users connecting to
    >> > a
    >> > terminal server with thin clients?
    >> >
    >> > I just don't understand how a password policy can be in effect for
    >> > these
    >> > users. Your help is greatly appreciated!!
    >> >
    >> > Sunnie
    >>
    >>
    >>
Ask a new question

Read More

Policy Microsoft Terminal Server Windows