Re: Policy enforcement- Admin accounts

Sadly with AD you can only have one account security policy per
domain. You would need to make a second domain in your forest and move
your admin accounts there. Also remember the actual Administrator
account CANNOT be locked out.

On Dec 15, 2007 11:32 AM, WALI <hkhasgiwale@gmail.com> wrote:
> In an active directory environment (windows 2003), I want to ensure lockout
> for administrator accounts also, in order to protect against attempts to
> brute force account password. The flipside is, we might have a DoS situation
> but I can live with it. Is there a tool I can deploy to ensure that admin
> account also locks out after certain no. of attemps?
>
> Also, ONLY for admin accounts, I want to enforce certain settings like:
> Password should contain atleast 15 characters, should not contain a
> dictionary word etc.
> My normal password policy for AD user accounts, set at the domain level is a
> minimum of 8 chars but I want to deploy this special policy of 15 chars
> minimum for admin accounts.
>
> How should I go about this?