Re: Security hierarchy
From: Steven L Umbach (sumbach@ameritech.net)
Date: 04/12/03
- Next message: Martin: "Security Update"
- Previous message: S. Pidgorny [MVP]: "Re: certificate generation for smart card using stand-Alone CA"
- In reply to: Peter K.: "Security hierarchy"
- Next in thread: Peter K.: "Re: Security hierarchy"
- Reply: Peter K.: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Steven L Umbach" <sumbach@ameritech.net> Date: Sat, 12 Apr 2003 15:03:09 GMT
I assume you are trying to add a domain user. Account policy for domain
can be configured only at domain level. If it is assigned at other levels it
would only apply to local machine accounts if domain policy is overridden..
I have found that sometimes certain settings do not "show up" in a timely
manner as you would think. Try running security configuration and analysis
snap in to see what it reports. Another thing to try would be to change
setting to disabled at domain level. These policies do not propagate
immediately and need to be updated on dc first via a secedit refresh or
reboot before doing same to domain member computer. It is also advisable to
try not to change domain and domain controller policy, but to add new
policies for desired changes - that way it is easy to undo changes and go
back to default by deleting custom policy. Changes at local security policy
can be restored to default, but it is best to document changes and do just a
few at a time. -- Steve
"Peter K." <pmkdatabase@yahoo.ca> wrote in message
news:s4lf9v0mcbl10ab7fq3m0au9du2l7mujt8@4ax.com...
> Hi,
>
> Maybe I have been working on this too long (studying for the 70-215
> exam) - but I just cannot figure out what is going on. Help would be
> appreciated. I should mention I have made a number of changes to the
> security settings at various levels.
>
> Currently Domain and DC Security policy have all display password
> policies 'not defined'. The default GPO for the domain in Users and
> Computers MMC also shows them as all not defined. Local setting show
> password complexity requirement as disabled in Local Settings, and
> Effectively as 'not defined'.
>
> I reboot the DC (the only one in the test domain).
>
> Yet password complexity is clearly in effect - I cannot add a user -
> regardless of the group selected - unless the password meets
> complexity requirements like so.123Ss11D. What am I missing??
>
> Thanks,
>
> Peter
>
>
> Peter
- Next message: Martin: "Security Update"
- Previous message: S. Pidgorny [MVP]: "Re: certificate generation for smart card using stand-Alone CA"
- In reply to: Peter K.: "Security hierarchy"
- Next in thread: Peter K.: "Re: Security hierarchy"
- Reply: Peter K.: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
