Re: GPO not picking up computer settings
- From: "Jarryd" <j@xxx>
- Date: Mon, 10 Apr 2006 13:40:18 +0100
Hi Steve,
I have done the NET ACCOUNTS trick and it is picking up the restrictive
settings configured in the now deleted GPO. I have set all the password
related settings to the least restrictive value, redone the GPUpdate and net
accounts still throws back the same restrictive settings. What am I doing
wrong?
TIA,
Jarryd
"Steven Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:e7SugOkWGHA.2376@xxxxxxxxxxxxxxxxxxxxxxx
There could be a problem with replication among domain controllers if you
have
more then one and if you do I would run the support tool gpotool to check
for
such and when you run the command net accounts on each domain controllers
you
should see the same settings. Also do not set any password/account policy
settings to undefined in default domain policy. Set it to exactly what you
want.
If a setting was defined before changing it to undefined means no change.
After
configuring the settings run gpupdate on the domain controller [assuming
Windows
2003 as Windows 2000 uses secedit command to refresh security settings]
and then
run the command net accounts to see if it is what you expect. Also make
sure
that he default domain policy is still linked to the domain container and
enabled for at least computer configuration and that authenticated users
have
read and apply permissions to it in it's properties for security. That is
all
default configuration. Running the support tool gpresult on any domain
controller should confirm that default domain policy is applying to the
computer. If "block inheritance" is enabled on the domain controller
container
for Group Policy then changes in default domain policy will not apply
until it
is removed. If more than one GPO is linked to the domain container then
the one
at the top of the list has priority as GPOs are applied from the bottom up
as
shown in the list. --- Steve
"Jarryd" <j@xxx> wrote in message
news:ObK9DGiWGHA.196@xxxxxxxxxxxxxxxxxxxxxxx
Hi Steve,
Are there any latency issues with the application/enforcement of GPOs. I
have come in this morning and found two users who have been asked to
change
their passowrds and when they try to do so, they get hammered with
complexity rules. But there is nothing special about these users, they
are
in the same OUs as all the others, so why have only they been affected?
And, I have now gone and deleted the test GPO that I had linked to the
test
OU, and I have gone and not defined the setting for account lockout and
passwords in the Default Domain Policy. However, I still can't change
the
effective user's password back to what it was originally due to password
settings. This is crazy. So I am thinking that there must be some kind
of
latency. Is there a way to force the propogation of policy settings?
TIA,
Jarryd
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uMgpvwcWGHA.3684@xxxxxxxxxxxxxxxxxxxxxxx
Run RSOP mmc snapin against a domain controller to see what it shows
for
password settings for domain users and the enforcing GPO which by
default
would be domain security policy but as Roger said could be any GPO
lined
to the domain container and the higher a GPO is in the list the more
precedence it takes. You can also run net accounts on a domain
controller
to see what is shown for password policy settings other than
complexity.
Net accounts run on a domain member computer will show the settings for
local user accounts on that computer. The link below explains more and
even though it does not explicitly say so account policies also are
defined in the domain container for Windows 2003 as shown for Windows
2000.. --- Steve
http://support.microsoft.com/kb/259576/
"Jarryd" <j@xxx> wrote in message
news:eM248rYWGHA.3848@xxxxxxxxxxxxxxxxxxxxxxx
OK, I have managed to get the GP Management tool to pick up the
settings
and it says that it is applying them in the way that I want them to on
the machine and user against which I ran the test. I went in to the
Local Policy and it has picked up the settings. But when I try to
change
there password it lets me do it with less characters that required, it
is
not picking up the history of old passwords, and it isn't enforcing
complexity. I really don't understand this.
Please help!!
Jarryd
"Jarryd" <j@xxx> wrote in message
news:e8T1EbYWGHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have created a Group Policy for remote users. The only settings I
have configured are the ones that pertain to passwords and account
lockout. I have moved those users to an OU that is linked to the new
GP, but the settings weren't taking affect. So I generated a report
and
it came back saying the policy was empty. But that's just wrong. If
I
go in and configure user settings those are picked up, but the
computer
settings aren't. Why?
TIA,
Jarryd
.
- References:
- GPO not picking up computer settings
- From: Jarryd
- Re: GPO not picking up computer settings
- From: Jarryd
- Re: GPO not picking up computer settings
- From: Steven L Umbach
- Re: GPO not picking up computer settings
- From: Jarryd
- Re: GPO not picking up computer settings
- From: Steven Umbach
- GPO not picking up computer settings
- Prev by Date: Re: tracking urls
- Next by Date: Re: GPO not picking up computer settings
- Previous by thread: Re: GPO not picking up computer settings
- Next by thread: Re: GPO not picking up computer settings
- Index(es):
Relevant Pages
|
