Re: Security hierarchy
From: Peter K. (pmkdatabase@yahoo.ca)
Date: 04/14/03
- Next message: Joel: "passwords"
- Previous message: Jim Nugent: "Re: automatic logoff"
- In reply to: Steven L Umbach: "Re: Security hierarchy"
- Next in thread: Steven L Umbach: "Re: Security hierarchy"
- Reply: Steven L Umbach: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Peter K. <pmkdatabase@yahoo.ca> Date: Mon, 14 Apr 2003 09:54:38 +0700
Steven and Joe,
I have tried all the suggestions plus a new top GPO at domain level
and other combos as well. I can't get rid of the requirement for a
complex password - I give up.
BTW, I found a post by Svyatoslav Pidgorny stating that security
polices are domain level only
(http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&frame=right&th=56ae7e30dcc1f1f0&seekm=u30XBWvCCHA.2096%40tkmsftngp04#link4)
but tried all the combos with DC and local settings also.
I also found this in the KB (279890) - kind of bizarre, as it refers
to an option that as far as I can see does not exist - "I will specify
user's password".
Thanks a lot for the input - greatly appreciated.
Peter
On Sun, 13 Apr 2003 19:29:06 GMT, "Steven L Umbach" <n9rou@attbi.com>
wrote:
> Hi Peter. No I do not think your system is hosed. You said you set
>it to disabled at domain level. Try that at domain controller and local
>policy level also. What you are experiencing with that setting does not
>seem to be unusual since I have seen more than a few postings on the same
>subject. Try a Google advanced search for groups using password complexity
>as search string and *win2000* or *security* as newsgroups to search. Also
>see links as a possible solution/clue. Good luck. --- Steve
>
>http://support.microsoft.com/?kbid=226243
>http://support.microsoft.com/?kbid=161990
>
>"Peter K." <pmkdatabase@yahoo.ca> wrote in message
>news:bsqh9vkvl32jpiun4e3l4lsj1aapeod0bs@4ax.com...
>> Thank you - I hope you have time to have a look at my responses
>> inline.
>>
>> On Sat, 12 Apr 2003 15:03:09 GMT, "Steven L Umbach"
>> <sumbach@ameritech.net> wrote:
>>
>> > I assume you are trying to add a domain user. Account policy for
>domain
>>
>> Yes
>>
>> >can be configured only at domain level. If it is assigned at other levels
>it
>> >would only apply to local machine accounts if domain policy is
>overridden..
>>
>> Understood, but at domain level (and DC) it is not defined.
>>
>> >I have found that sometimes certain settings do not "show up" in a timely
>> >manner as you would think. Try running security configuration and
>analysis
>>
>> It has been > 12 hours or so since my post, and I have rebooted also.
>>
>> >snap in to see what it reports.
>>
>> Not Configured - PasswordComplexity
>>
>> >Another thing to try would be to change
>> >setting to disabled at domain level. These policies do not propagate
>>
>> Tried that.
>>
>> >immediately and need to be updated on dc first via a secedit refresh or
>> >reboot before doing same to domain member computer. It is also advisable
>to
>>
>> ran secedit and rebooted also.
>>
>> >try not to change domain and domain controller policy, but to add new
>> >policies for desired changes - that way it is easy to undo changes and go
>> >back to default by deleting custom policy.
>>
>> Good advice for next time!
>>
>> This is the big question: Are you saying that from the info I have
>> provided, that password complexity should not be enforced although it
>> is and therefore the system is somehow hosed? 'Cause if so, I will
>> stop wasting time on it but it is scary if it could get hosed so
>> easily.
>>
>> >Changes at local security policy
>> >can be restored to default, but it is best to document changes and do
>just a
>> >few at a time. -- Steve
>> >
>> >"Peter K." <pmkdatabase@yahoo.ca> wrote in message
>> >news:s4lf9v0mcbl10ab7fq3m0au9du2l7mujt8@4ax.com...
>> >> Hi,
>> >>
>> >> Maybe I have been working on this too long (studying for the 70-215
>> >> exam) - but I just cannot figure out what is going on. Help would be
>> >> appreciated. I should mention I have made a number of changes to the
>> >> security settings at various levels.
>> >>
>> >> Currently Domain and DC Security policy have all display password
>> >> policies 'not defined'. The default GPO for the domain in Users and
>> >> Computers MMC also shows them as all not defined. Local setting show
>> >> password complexity requirement as disabled in Local Settings, and
>> >> Effectively as 'not defined'.
>> >>
>> >> I reboot the DC (the only one in the test domain).
>> >>
>> >> Yet password complexity is clearly in effect - I cannot add a user -
>> >> regardless of the group selected - unless the password meets
>> >> complexity requirements like so.123Ss11D. What am I missing??
>> >>
>> >> Thanks,
>> >>
>> >> Peter
>> >>
>> >>
>> >> Peter
>> >
>>
>>
>> Peter
>
Peter
- Next message: Joel: "passwords"
- Previous message: Jim Nugent: "Re: automatic logoff"
- In reply to: Steven L Umbach: "Re: Security hierarchy"
- Next in thread: Steven L Umbach: "Re: Security hierarchy"
- Reply: Steven L Umbach: "Re: Security hierarchy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
