|Subject:||SOX compliant .. different password policy need for privilege accounts|
|Posted by:||John (Jo…@somewhere.com)|
|Date:||Fri, 29 Sep 2006|
Due to recent SOX requirements we are require to have a different password
policy for all privilege accounts however our Win2003 forest consist of a
single domain . We would of like to implement the empty root design model in
this way all our privilege accounts would reside in the root domain and all
users accounts would reside in the child domain. However this design model
is not an option since we have currently have a flat single forest /single
domain and restructuring our forest to include an empty domain would be
impossible, or is it possible ? .
My question is how do I implement a different password policy for all my
privilege accounts ?
I had one idea but no sure if this would work. ..Create a non contiguous
domain tree and this domain will contain all my privilege accounts thus
using a different password policy. But I would also need these privilege
accounts to be domain admins of the entire forest , would this work ?
Any idea's would certainly be appreciated