Re: Security hierarchy

From: Joe Richards [MVP] (humorexpress@hotmail.com)
Date: 04/13/03 

From: "Joe Richards [MVP]" <humorexpress@hotmail.com>
Date: Sun, 13 Apr 2003 12:19:22 -0400

Undefining does not mean not set. If at some point you configured those
settings, they stay in affect until you reverse them. Undefining the policy
simply tells the system not to update the reg/AD values anymore, it doesn't
revert them to some previous state. So enable the policies and set them to
what you want, after you have given them time to apply or you have done a
secedit refresh then undefine them again. 

--
Joe Richards
www.joeware.net
---
"Peter K." <pmkdatabase@yahoo.ca> wrote in message
news:s4lf9v0mcbl10ab7fq3m0au9du2l7mujt8@4ax.com...
> Hi,
>
> Maybe I have been working on this too long (studying for the 70-215
> exam) - but I just cannot figure out what is going on. Help would be
> appreciated. I should mention I have made a number of changes to the
> security settings at various levels.
>
> Currently Domain and DC Security policy have all display password
> policies 'not defined'. The default GPO for the domain in Users and
> Computers MMC also shows them as all not defined. Local setting show
> password complexity requirement as disabled in Local Settings, and
> Effectively as 'not defined'.
>
> I reboot the DC (the only one in the test domain).
>
> Yet password complexity is clearly in effect - I cannot add a user -
> regardless of the group selected - unless the password meets
> complexity requirements like so.123Ss11D. What am I missing??
>
> Thanks,
>
> Peter
>
>
> Peter

Relevant Pages

  • Re: Default Policy not applying
    ... Perhaps the linking of the policy is not enabled. ... policy with conficting account settings with higher priority at the domain ... They will only apply to local accounts. ... password complexity but i'm finding that it just ...
    (microsoft.public.windows.group_policy)
  • Re: User Creation
    ... to create any user accounts at all. ... default settings for the above steps. ... >W2k3 by default has password complexity enabled in Default ... >password doesnot meet the password policy requirements. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default Domain password policy issue
    ... Only informational events that indicate Group Policy has been applied ... Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub: ... password complexity has been applied. ... Settings are grayed out, cannot be changed from the console directly. ...
    (microsoft.public.windows.group_policy)
  • Re: Default Policy not applying
    ... Look in the Group Policy Management Console under the node for your domain, right click on the Default Domain Policy and click enable. ... There may also be another policy with conficting account settings with higher priority at the domain level. ... I needed to set the Default Domain Policy so that accounts had to meet password complexity but i'm finding that it just is not applying - i can always create and change passwords to anything like 'password'. ...
    (microsoft.public.windows.group_policy)
  • Re: scripted logon
    ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ...
    (microsoft.public.windows.terminal_services)