Re: Password policy

From: J.e.H. (jeremyhallock_at_yahoo.com)
Date: 03/03/05


Date: Thu, 03 Mar 2005 13:58:27 -0600

Password policies must be set at the domain level.
http://support.microsoft.com/default.aspx?scid=kb;en-us;269236

This article only says it applies to Windows 2000 but it applies to
Windows 2003 as well.

Joe Brown wrote:
> So you are saying that I should use the Default Domain Policy GP; then set
> the password policy, and link it to domain controllers. Then allow client
> computers to inherit the policy? I think the whole point of GPMT and linking
> is that you can use it on any OU, at least that is what I believe, as long
> as you can get "Computer Configuration" and "User Configuration" settings to
> replicate to all domain computers. Which I have done. I have found that I
> did not have permissions set correctly on the SCCI-default user/computers
> GP. The GP is now replicating to client domain computers (including mine)
> which has the password settings (which I have changed it to 365 days to
> test) however, I am still receiving "you must change password in X days".
> Pics of the GP results; settings and summary on my client computer which is
> part of the domain. The pics are from a Windows 2003 AD server.
>
> What I don't understand is, I have set the password policy on "Default
> Domain Controller Security Settings" and "Default Domain Security Settings"
> under Administrative Tools and on the other two GPs that I have, however, it
> does not seem to work the way I want it to. I have downloaded the
> troubleshooting white paper and have read through it numerous times. To me,
> the issue still seems to be related to the domain controllers/AD servers, it
> does not matter which computer I log onto within the domain, the problem
> follows.
>
> Does anyone know of a script that will find out the date when a user last
> changed their password?
>
> Thanks a lot everyone!
>
>
> "Desmond Lee" <mcp@donotspamplease.mars> wrote in message
> news:9825A2F5-AAD7-47A3-AC88-20A5B83AF5C6@microsoft.com...
>
>>Password and most security options can only be set at the AD domain level.
>>All other similar settings below (in OUs) will not have any effect.
>>
>>This is by design, so perhaps you would like to first check if this is
>>causing the confusion / issue here?
>>
>>Do let us know if this helps. thanks!
>>
>>
>>"Joe Brown" wrote:
>>
>>
>>>I have migrated from Winnt domain to windows 2003 AD. All was successful. I
>>>have a number of WinXP client systems. I have created an OU called Company
>>>name - location - Users and created a GP. I have worked here for 3 years and
>>>until recently all the users used the same password. I have unchecked
>>>"passwords never change" and changed Domain policy to change passwords every
>>>3 months, with other criteria. The problem is; after about 28 days users are
>>>getting prompted to change their passwords within 14 days? What gives? I have
>>>changed the domain policy to change every 3 months.
>>>
>>>Thanks
>>>Joe
>>>
>>>
>>>
>
>
>
>
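
Added example, not code from anyone in this thread: a PowerShell script that reads the password policy actually in effect on the domain object and lists when each enabled user last changed their password, the check asked for in the quoted message. It assumes the ActiveDirectory module (RSAT) is installed, the caller can read the domain, and no fine-grained password policies apply to the accounts.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# The maximum password age that domain accounts are held to is the one stored
# on the domain itself. Password settings in GPOs linked to OUs only affect the
# local accounts of the computers in those OUs.
$policy = Get-ADDefaultDomainPasswordPolicy
$maxAge = $policy.MaxPasswordAge          # TimeSpan; zero means "never expires"

"Effective domain maximum password age: {0} days" -f $maxAge.Days
"Effective domain minimum password length: {0}"   -f $policy.MinPasswordLength

# Assumption: no fine-grained password policies (PSOs) override the domain
# policy for these users, so expiry = PasswordLastSet + domain MaxPasswordAge.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, PasswordNeverExpires |
    ForEach-Object {
        $status  = 'Expires'
        $expires = $null

        if ($_.PasswordNeverExpires -or $maxAge -eq [TimeSpan]::Zero) {
            $status = 'Never expires'
        }
        elseif ($null -eq $_.PasswordLastSet) {
            # No last-set date: the account must change its password at next logon.
            $status = 'Must change at next logon'
        }
        else {
            $expires = $_.PasswordLastSet + $maxAge
            if ($expires -lt (Get-Date)) { $status = 'Expired' }
        }

        [pscustomobject]@{
            User            = $_.SamAccountName
            PasswordLastSet = $_.PasswordLastSet
            Expires         = $expires
            Status          = $status
        }
    } |
    Sort-Object Expires |
    Format-Table -AutoSize
```

If the maximum age printed here differs from the value configured in an OU-linked GPO, the domain-level value is the one the expiry prompts are based on.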


