CPES Active Directory Guide
CPES Active Directory Policy Reference
by Ben Pfountz (netprince@vt.edu)

The following is a list of active policies for the new Active Directory:

• A strict password policy has been enabled, passwords must meet the following guidelines
  • Passwords must have 7 or more characters
  • Passwords may not contain all or part of the user's account name
  • Passwords must contain characters from three of the following four categories:
    • English uppercase characters (A...Z)
    • English lowercase characters (a...z)
    • A number (0...9)
    • Punctuation (For example, !@#$%)
  • Passwords cannot match any of the users 18 previously used passwords
  • A password must be used for a minimum of 3 days before it can be changed
  • Passwords will expire after 180 days (~6 months)
  • Users will be reminded of password expiration 3 days before passwords expire
  • After password expires, a user will be required to change their password by the system they are trying to log in at
    
• Domain wide security level requires all clients to be running windows 2000 pro or windows XP pro, or newer operating system. Note that windows 2000 home and windows XP home do not support domain authentication.
  
• Domain users cannot log into bench/office machines. These machines will require users to have a local account to log in.
  
• Software Update Services will be configured on each client machine to automatically download and install windows updates approved by the CPES IT group.
  • The installation will take place early in the morning at 5am, and computers needing to be re-booted will do so automatically so long as a user is not logged in. If a user is logged in, the machine will reboot as soon as the user logs off.
  • Computers that are turned off at 5am will install the updates as soon as they are turned on, and will reboot if necessary so long as a user is not logged in. If a user is logged in, the machine will reboot as soon as the user logs off.
  • System Administrators should still periodically check for software updates. This automated process does not relenquish you from your responsiblity to make sure the updates are being installed as soon as possible.
    
• Users by default will have a roaming profile enabled, as well as their Z drive mapped to their home directory on the domain file server.
  
• Users will have a 1 Gigabyte quota set on their home directories. Users needing more home space can be given a larger quota upon approval.
  
• Project folders will also be running quotas, but the quota limit has not been determined at this time.