Re: Backing out Complex passwords enabled in Domain Group policy.
From: Herb Martin (news_at_LearnQuick.com)
Date: 03/05/04
- Next message: Herb Martin: "Re: password cracker"
- Previous message: Steven L Umbach: "Re: New company installing a server on my lan"
- In reply to: Steven L Umbach: "Re: Backing out Complex passwords enabled in Domain Group policy."
- Next in thread: Steven L Umbach: "Re: Backing out Complex passwords enabled in Domain Group policy."
- Reply: Steven L Umbach: "Re: Backing out Complex passwords enabled in Domain Group policy."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 5 Mar 2004 14:23:33 -0600
> Supposedly [and I might be wrong] it should not matter if it is configured
> in Domain Controller Security Policy and my experience shows that, though it
> would not hurt to disable it there also.
This was the cautionary part of my addition -- I am slightly wary that
complexity is actually controlled by the DCs and therefore any setting
to them (no matter where in the chain of GPOs) might cause this.
I believe the same to be true for things like "Account Logon" (but not
plain "Logon" <grin>) auditing.
The only settings that are strictly domain specific (AFAIK) are the
"security Account" settings: Password (length/expire/etc but not
complexity), Lockout, and Kerberos.
Anyone should feel free to correct me from real experience or definitive
documentation and be assured that my belief is somewhat speculative.
> However if a change is made to the
> domain level and "block inheritance" is configured on the domain controller
> container then password policy changes will not be implemented.
Does this include "security account" Password policies or do they get
processed before the "block" is calculated?
These are some gray areas of the standard documentation of GPO
inheritance and override.
--
Herb Martin

"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
news:Wb02c.30734$PY.12040@newssvr26.news.prodigy.com...
> Hi Herb.
>
> I also found that often the "effective" settings shown in Local Security
> Policy even after a reboot can be incorrect and one way to tell what the
> real effective settings are is to run Security Configuration and Analysis
> tool. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;269236
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:e8isoMnAEHA.2768@tk2msftngp13.phx.gbl...
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:v6P1c.179508$uV3.762298@attbi_s51...
> > > Change complexity to disabled in the domain policy. Then run secedit /refreshpolicy
> > > machine_policy /enforce. Wait a couple of minutes and try again. --- Steve
> >
> > I agree with you Steven but I have another thought about what
> > MIGHT have been done, correct me if you disagree, this is only
> > a supposition....
> >
> > IF he changed the Domain Controller Policy (and forgot that) or
> > added another policy besides default (this is obviously true but I
> > am trying to be complete) then he might be trying to "fix" it in only
> > one of several places it is set.
> >
> > --
> > Herb Martin
> >
> > > "Tony Gec" <tony.gec@parliament.qld.gov.au> wrote in message
> > > news:C26CC5B2-686B-4EC8-9C01-C9EE28D74BCF@microsoft.com...
> > > > Hi,
> > > >
> > > > I'm currently testing the use of enabling complex passwords. It all works fine,
> > > > however I've been requested to test backing it out.
> > > >
> > > > Here's my problem.
> > > >
> > > > Although I have changed the Domain Group policy for complex passwords back to the
> > > > original setting (not defined), every time I try to add a new user or have an
> > > > existing user change their password, the system insists on using complex passwords
> > > > instead of basic passwords. RSoP indicates that complex passwords have been turned
> > > > off.
> > > >
> > > > Is there anything else I need to do on the Domain Controller?
> > > >
> > > > Cheers,
> > > >
> > > > Tony Gec.
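
Added example, not part of the original thread or any poster's own code: one way to read the complexity value a domain controller actually holds, rather than the value a policy editor or RSoP displays. It assumes an elevated PowerShell session on the DC; the temp file name is constructed, and the ActiveDirectory module is used only if it is installed.

```powershell
# Added example, not from the thread. Run elevated on a domain controller.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # constructed temp file name

# 1. Export the security-policy area of the machine's security database.
secedit /export /areas SECURITYPOLICY /cfg $cfg | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit /export failed (exit code $LASTEXITCODE)" }

# The export is an INF file; complexity appears under [System Access] as 0 or 1.
$local = $null
foreach ($l in Get-Content -Path $cfg) {
    if ($l -match '^\s*PasswordComplexity\s*=\s*(\d+)\s*$') {
        $local = [int]$Matches[1]
        break
    }
}
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

# 2. Read the value stored on the domain itself, if the AD module is available.
$domain = $null
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $domain = (Get-ADDefaultDomainPasswordPolicy).ComplexityEnabled
}

# 3. Report both values side by side so a mismatch is obvious.
[pscustomobject]@{
    Computer                = $env:COMPUTERNAME
    LocalDatabaseComplexity = if ($null -eq $local) { 'not present' }
                              elseif ($local -eq 1) { 'enabled' } else { 'disabled' }
    DomainObjectComplexity  = if ($null -eq $domain) { 'not checked' }
                              elseif ($domain) { 'enabled' } else { 'disabled' }
}
```

If either value still reads "enabled" after the domain policy was changed, that supports the supposition in the thread that the setting is also defined in another GPO.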