GPO Password length not working

From: CB (CB_at_discussions.microsoft.com)
Date: 08/20/05 

Date: Fri, 19 Aug 2005 15:45:05 -0700

I have a mixed mode Windows 2000 and 2003 AD. There are four AD servers.
There is one main server I always and only use ADUC on. We recently
implemented a password policy for the company. Previous it was blank
passwords or anything goes pretty much. Now, it is 2 passwords remembered, 90
days max age, 10 days min age and 6 char length. No complexity turned on.

originally I changed the domain controller policy. Then everyone got
prompted t change passwords every 42 days. Realized that was the wrong policy
to be setting, so I then changed the domain policy. Every 90 it is asking
them to change. problem is that they are allowed to set their password to any
length including blank. If I do it as a test, and set the password to blank
or 2 characters, then try and change it back to the original, it won't let me
because of the 2 passwords remembered thing. But it will let me change it to
something different, which it also shouldn'tdo because of the 10 day min age
thing. So some of the policy is working, but the length and min age is being
ignored. The length is the most imprtant one to us. We are just trying to
make sure that the passwords are at least 6 characters and change every 90
days.

Anyone know why this is happening?

Relevant Pages

  • Re: Locking down database accounts
    ... Personally it sounds to me that your company has established a policy and is ... But bottom line if you have to use SQL Server logins and passwords, ... Whether it's an encrypted flat file or an encrypted XML file, ...
    (microsoft.public.sqlserver.security)
  • RE: policy-based password cracker
    ... that required at least one upper, one lower and one number in all passwords. ... password checks can be eliminated due to the policy. ... Since the vast majority of the time for a brute-force attack is ... most brute-force attacks are very fast. ...
    (Pen-Test)
  • Re: Security hierarchy
    ... OK - last night I managed to reset the password policy. ... I had to boot into DS restore mode in order to be able to access the ... New users had to have complex passwords. ... >> I have tried all the suggestions plus a new top GPO at domain level ...
    (microsoft.public.win2000.security)
  • Re: GPO Password length not working
    ... For "domain users" password account policy is set only at the domain level. ... Usually this is Default Domain Policy but it can be any Group Policy linked ... You can use the command net accounts on a domain controller to see the ... > passwords or anything goes pretty much. ...
    (microsoft.public.windows.server.security)
  • Re: Sharing folder permission ????
    ... XP blocks network access to accounts that have blank ... you can do so through Local Security Policy. ... Limit local account use of blank passwords to ... When I click my Xp system visible in default>>woprkgroup, I get a login windows whcih identify me on> the ...
    (microsoft.public.windowsxp.security_admin)