Re: GPO - password policy - Urgent
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 2 Feb 2006 11:49:40 -0600
That is curious that you are having a problem with Windows 98 since I would
think Windows 98 would work with any password up to 14 characters but I
don't have a Windows 98 computer handy to try out such. I know that if you
disable storage of LM hashes you can have problems with Windows 98 computers
if you also enforced that recently in which is done via a security option
for Windows 2003 domain controllers in either Local Security Policy
[secpol.msc] or Domain Controller Security Policy or a registry entry for
Windows 2000 domain controllers. You may also have problems if you configure
lan manager authentication level security option to be too secure for domain
controllers such as use ntlmv2 only refuse lm or refuse lm and ntlm when
using Windows 98 computers in the domain. To disable password complexity you
set it to disabled in Domain Security Policy or whatever domain level GPO
that is applying password policy. The link below explains some of the
problems you can have with downlevel clients such as Windows 98 with certain
security option settings. So what I would do is to check lan manager
authentication level for domain controllers and make sure storage of lm
hashes is not disabled to see if that helps or not and check the KB article
for other possible incompatibilities and I really doubt it is related to
password complexity if the minimum password length is 7 characters and the
user is not trying to use a password over 14 characters. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656 --- info
on disabling lm hash
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239869 --- lan
manager authentication level
"Fernando Mantovani" <femantovani@xxxxxxxxxxxx> wrote in message
news:eSWTKaBKGHA.312@xxxxxxxxxxxxxxxxxxxxxxx
I`m really desperate!!!
I have installed a new domain, with XP and 98 workstatioins. Everythings
works fine!
So, I changed the password policy to enable complexity with a minimum of 7
characters. Only after this I saw that 98 can`t use password complexity,
he
only accepts with dsclient.exe and a dword in the registry to force NTLMv2
authentication (I tried this too, but with this setting, I can`t log on
even
with the enterprise admin (that has temporarily a simple password)).
So, my problem is that I changed the default domain policy to disable
password complexity but I can`t change to a simple password in any users
of
my domain.
Is there a way to reset to "default" the default domain policy and the
default controller domain policy?
Someon has any ideas??
Tks!
.
- Follow-Ups:
- Re: GPO - password policy - Urgent
- From: Fernando Mantovani
- Re: GPO - password policy - Urgent
- From: Fernando Mantovani
- Re: GPO - password policy - Urgent
- References:
- GPO - password policy - Urgent
- From: Fernando Mantovani
- GPO - password policy - Urgent
- Prev by Date: Prevent printing JPG files
- Next by Date: Re: Allow update of properties without allowing password changes, etc
- Previous by thread: GPO - password policy - Urgent
- Next by thread: Re: GPO - password policy - Urgent
- Index(es):
Relevant Pages
|
