Re: Password policy
From: Joe Brown (news_at_austintechs.net)
Date: 03/03/05
- Next message: ram4tech: "File/Folder audit"
- Previous message: Dave: "Re: Has anyone seen this "Alert"?"
- In reply to: Joe Brown: "Re: Password policy"
- Next in thread: Desmond Lee: "Re: Password policy"
- Reply: Desmond Lee: "Re: Password policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Mar 2005 15:01:08 -0600
The orginial issue was that end-users were recieving "You have 14 days till
you password expires" on client desktops connected to a AD domain. This also
occured if an end-user logged into a Windows 2003 Exchange OWA server.
I have solved this issue. It appears that I have been logged onto an AD 2003
schema master server via terminal session and locally. I had to logged off
the local session, ran gpedit.msc, changed the local computer password
policy settings, ran gpupdate, then logged off and back in. This resolved
the password change prompt even though I had set it on 3 different GPs
linked to different OUs and had set the password policy on "Default
Domain Controller Security Settings" and "Default Domain Security Settings"
under Administrative Tools.
Hope this helps someone in the future!
"Joe Brown" <news@austintechs.net> wrote in message
news:e%23qYlABIFHA.2648@TK2MSFTNGP14.phx.gbl...
> So you are saying that I should use the Default Domain Policy GP; then set
> the password policy, and link it to domain controllers. Then allow client
> computers to inherit the policy? I think the whole point of GPMT and
> linking
> is that you can use it on any OU, at least that is what I believe, as long
> as you can get "Computer Configuration" and "User Configuration" settings
> to
> replicate to all domain computers. Which I have done. I have found that I
> did not have permissions set correctly on the SCCI-default user/computers
> GP. The GP is now replicating to client domain computers (including mine)
> which has the password settings (which I have changed it to 365 days to
> test) however, I am still receiving " you must change password in X days".
> Pics of the GP results; settings and summary on my client computer which
> is
> part of the domain. The pics are from a windows 20003 AD server.
>
> What I don't understand is, I have set the password policy on "Default
> Domain Controller Security Settings" and "Default Domain Security
> Settings"
> under Administrative Tools and on the other two GPs that I have, however,
> it
> does not seem to work the way I want it to. I have downloaded the
> troubleshooting white paper and have read through it numerous times. To
> me,
> the issue still seems to be related to the domain controllers/AD servers,
> it
> does not matter which computer I log onto within the domain, the problem
> follows.
>
> Does anyone know of a script that will find out the date when a user last
> changed their password?
>
> Thanks a lot everyone!
>
>
> "Desmond Lee" <mcp@donotspamplease.mars> wrote in message
> news:9825A2F5-AAD7-47A3-AC88-20A5B83AF5C6@microsoft.com...
>>
>> Password and most security options can only be set at the AD domain
>> level.
>> All other similar settings below (in OUs) will not have any effect.
>>
>> This is by design, so perhaps you would like to first check if this is
>> causing the confusion / issue here?
>>
>> Do let us know if this helps. thanks!
>>
>>
>> "Joe Brown" wrote:
>>
>>> I have migrated from Winnt domain to windows 2003 AD. All was
>>> successful.
>>> I
>>> have a number of WinXP client systems. I have created an OU called
>>> Company
>>> name - location - Users and created a GP. I have worked here for 3 years
>>> and
>>> until recently all the users used the same password. I have unchecked
>>> "passwords never change" and changed Domain policy to change passwords
>>> every
>>> 3 months, with other criteria. The problem is; after about 28 days users
>>> are
>>> getting prompt to change their passwords within 14 days? What gives? I
>>> have
>>> changed the domain policy to change every 3 months.
>>>
>>> Thanks
>>> Joe
>>>
>>>
>>>
>
>
>
>
- Next message: ram4tech: "File/Folder audit"
- Previous message: Dave: "Re: Has anyone seen this "Alert"?"
- In reply to: Joe Brown: "Re: Password policy"
- Next in thread: Desmond Lee: "Re: Password policy"
- Reply: Desmond Lee: "Re: Password policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
