Anyone has a good resource that will enforce password changes, complexity and history for non-AD PCs? My team needs to get a better handle on this for PCI, but adding these systems to a separate child AD lends to poor management due to the overhead of managing another AD. Ideally, I would like to have a tool manage that and allow the head of retail to appoint someone to manage password changes. My team would audit these changes (Who, What, When). It's for a not-for-profit, so a free tool is best.