Re: Password policy

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/03/05

• Next message: Steven L Umbach: "Re: How to exprie ALL acct. passwords?"
• Previous message: Steven L Umbach: "Re: Root Standalone CA crash"
• In reply to: Joe Brown: "Password policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 2 Mar 2005 19:40:07 -0600

Make sure that you configure domain password policy at the domain level
which by default would be Domain Security Policy. If you have more than one
Group Policy in the domain container then the Group Policy at the top of the
list has the highest priority and could override Domain Security Policy. On
a domain controller use the command " net accounts" to see what the maximum
password age is reported. Also for a user you can use the command " net user
username" that will display information on the user password age. Keep in
mind that there can only be ONE password policy for all domain users as
defined at the domain level. Also password policy is part of computer
configuration - not user configuration. If you define password policy at
the OU level, it will apply only to local user accounts on computers in that
OU. --- Steve

"Joe Brown" <news@austintechs.net> wrote in message
news:%23GqyNB1HFHA.1528@TK2MSFTNGP09.phx.gbl...
>I have migrated from Winnt domain to windows 2003 AD. All was successful. I
> have a number of WinXP client systems. I have created an OU called Company
> name - location - Users and created a GP. I have worked here for 3 years
> and
> until recently all the users used the same password. I have unchecked
> "passwords never change" and changed Domain policy to change passwords
> every
> 3 months, with other criteria. The problem is; after about 28 days users
> are
> getting prompt to change their passwords within 14 days? What gives? I
> have
> changed the domain policy to change every 3 months.
>
> Thanks
> Joe
>
>

---

• Next message: Steven L Umbach: "Re: How to exprie ALL acct. passwords?"
• Previous message: Steven L Umbach: "Re: Root Standalone CA crash"
• In reply to: Joe Brown: "Password policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Problem With Password Policy ... Policy on the nearest OU to the userobject takes precedence. ... password policy is an exception and can only be set on domain level. ... All users are picked by a domain level policy. ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... (microsoft.public.windows.server.active_directory) =?iso-8859-1?B?UmU6IEdQTyBkb2VzbrR0IGFwcGx5Lg==?= ... You can set the password policy only on domain level, ... Microsoft MVP - Windows Server - Group Policy. ... (microsoft.public.windows.server.active_directory) =?Utf-8?Q?Re:_GPO_doesn=C2=B4t_apply.?= ... You can set the password policy only on domain level, ... Microsoft MVP - Windows Server - Group Policy. ... (microsoft.public.windows.server.active_directory) Re: Good group policy management within an organisation ... Keep in mind there are two parts to Group Policy - computer and user and that they ... "defined" settings will override the same settings defined at the domain level. ... > I've thought about having an OU that had global policies, ... (microsoft.public.win2000.group_policy) Re: Group Policy not updating on Domain Controller ... Password/account policy for domain accounts can only be changed at the ... domain level, so make sure you are changing the setting at the domain level ... Group Policy still updates successfully ... (microsoft.public.win2000.group_policy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2005-03