Re: password policy/complexity

From: Steven L Umbach (sumbach_at_N0spam.ameritech.net)
Date: 03/17/04 

Date: Wed, 17 Mar 2004 14:20:21 -0600

The policy can only be defined at the domain level, however if you have more
than one GPO for the domain then configure account policies in the GPO at
the top of the list. Other things to check are that the GPO is linked to the
domain container, that computer configuration is enabled for the GPO, and
that "block inheritance" is not congured on the domain controller container.
Of course any problems with dns configuration in the domain can cause
policies to not work as planned and running netdiag and dcdiag on the domain
controller can look for configuration problems. I would also suggest running
"gpresult /c" on the domain controller to see exactly what computer policies
are being applied and the last time they were applied. Using "net accounts"
is also a good way to see current applied password policy [except
complexity] for a domain. --- Steve

"robb" <anonymous@discussions.microsoft.com> wrote in message
news:A87D8542-47FF-4043-9DC4-25567EA410C9@microsoft.com...
> ?!?!?
>
> when i go to edit the "Default Domain Security Settings" (from
Start->AdminTools->DomainSecurityPolicy) the settings are already as i would
like them, yet they aren't being enforced.
>
> The GPO in GP-mgmt that i'm referencing is the "Default Domain Policy" and
the settings already match what I see in the "Domain Security Policy" from
above.
>
>
>
>
> ----- robb wrote: -----
>
> it's starting to make more sense...
>
> ...if i wanted a certain OU to NOT have the complexity policy, but
have it in other OU's, I would have to enable the complexity at the
domain-level and then 'disable' the complexity requirement in those OU's
that I don't want it ?
>
>
> thx,
> ~~Robb

Relevant Pages

  • Re: Local GPO refreshes outside of refresh interval
    ... I looked through my GPO's Windows Settings section ... > Some policies, including IE policies, have a checkbox that defines if this ... > it should apply EVEN if the value defined in GPO did not change since the ... we are talking about one particular policy: ...
    (microsoft.public.windows.group_policy)
  • Re: "There are 0 filters" using IPSec via GPO
    ... 1)Deleting all IPSec policies in the GPO ... 4)Assigning "request security" policy in Local Security Settings, ...
    (microsoft.public.win2000.security)
  • Re: Windows 2003 Server - Group Policy
    ... Group Policies refresh time is 90-minute intervals by default. ... For Windows 2000 Computers see the follow KB: ... Policy Inheritance can be set to this OU it means no policies from higher ... You can also set No Override to a particular GPO. ...
    (microsoft.public.win2000.active_directory)
  • RE: Group Policy: multiple password policies in the same domain?
    ... > it under access to the GPO. ... The conflict only happens when both policies ... results in having the policy denied. ... > user accounts it affects be able to read it and have "apply ...
    (Focus-Microsoft)
  • Local GPO refreshes outside of refresh interval
    ... We are experiencing an unique situation where local group ... we are talking about one particular policy: ... a homepage on users and therefore, we never set this policy on the AD GPO. ... Even though we knew that group policies are refreshed every 90 minutes on ...
    (microsoft.public.windows.group_policy)
Quantcast