Re: Security hierarchy
From: Peter K. (pmkdatabase@yahoo.ca)
Date: 04/13/03
- Next message: Craig Joyce: "Re: Command Line Certificate Request Generation"
- Previous message: MadZookeeper: "Re: IE - Skeech"
- In reply to: Steven L Umbach: "Re: Security hierarchy"
- Next in thread: Steven L Umbach: "Re: Security hierarchy"
- Reply: Steven L Umbach: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Peter K. <pmkdatabase@yahoo.ca> Date: Sun, 13 Apr 2003 11:52:10 +0700
Thank you - I hope you have time to have a look at my responses
inline.
On Sat, 12 Apr 2003 15:03:09 GMT, "Steven L Umbach"
<sumbach@ameritech.net> wrote:
> I assume you are trying to add a domain user. Account policy for domain
Yes
>can be configured only at domain level. If it is assigned at other levels it
>would only apply to local machine accounts if domain policy is overridden..
Understood, but at domain level (and DC) it is not defined.
>I have found that sometimes certain settings do not "show up" in a timely
>manner as you would think. Try running security configuration and analysis
It has been > 12 hours or so since my post, and I have rebooted also.
>snap in to see what it reports.
Not Configured - PasswordComplexity
>Another thing to try would be to change
>setting to disabled at domain level. These policies do not propagate
Tried that.
>immediately and need to be updated on dc first via a secedit refresh or
>reboot before doing same to domain member computer. It is also advisable to
ran secedit and rebooted also.
>try not to change domain and domain controller policy, but to add new
>policies for desired changes - that way it is easy to undo changes and go
>back to default by deleting custom policy.
Good advice for next time!
This is the big question: Are you saying that from the info I have
provided, that password complexity should not be enforced although it
is and therefore the system is somehow hosed? 'Cause if so, I will
stop wasting time on it but it is scary if it could get hosed so
easily.
>Changes at local security policy
>can be restored to default, but it is best to document changes and do just a
>few at a time. -- Steve
>
>"Peter K." <pmkdatabase@yahoo.ca> wrote in message
>news:s4lf9v0mcbl10ab7fq3m0au9du2l7mujt8@4ax.com...
>> Hi,
>>
>> Maybe I have been working on this too long (studying for the 70-215
>> exam) - but I just cannot figure out what is going on. Help would be
>> appreciated. I should mention I have made a number of changes to the
>> security settings at various levels.
>>
>> Currently Domain and DC Security policy have all display password
>> policies 'not defined'. The default GPO for the domain in Users and
>> Computers MMC also shows them as all not defined. Local setting show
>> password complexity requirement as disabled in Local Settings, and
>> Effectively as 'not defined'.
>>
>> I reboot the DC (the only one in the test domain).
>>
>> Yet password complexity is clearly in effect - I cannot add a user -
>> regardless of the group selected - unless the password meets
>> complexity requirements like so.123Ss11D. What am I missing??
>>
>> Thanks,
>>
>> Peter
>>
>>
>> Peter
>
Peter
- Next message: Craig Joyce: "Re: Command Line Certificate Request Generation"
- Previous message: MadZookeeper: "Re: IE - Skeech"
- In reply to: Steven L Umbach: "Re: Security hierarchy"
- Next in thread: Steven L Umbach: "Re: Security hierarchy"
- Reply: Steven L Umbach: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
