default domain policy, password policy

Toggle sidebar Toggle sidebar
B

bill

Distinguished
Mar 30, 2004
1,834
0
19,780
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I made some changes to our default domain policy, password age, min length,
password complexity, lockout duration, invalid attempts, reset acct, and from
the user portion setup a timeout to occur which will lock the desktop. The
user portion of the policy was persistant, but the computer settings kept
being set back to what they were previously. We have a root domain, which
has always had a different policy that the domain whose policy I changed
today, so I know it was being set from the root domain, and we have another
child domain whose password policy is different, and I never had this problem
there when I made changes recently. My understanding of password policies
was there can only be one per domain, so my question is how is this being
overwritten apparently through replication, by some other policy. It wasn't
until I checked the enforced setting that the policy persisted, but I thought
that only applied to downstream policies and that the default domain password
policies trumped any policies below them???

thank you
Bill
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Bill,

Not quite sure about your query, but probably this KB and the associated KBs
may give you some light.

How to configure account policies in Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;255550&sd=tech

br,
Denis

"Bill" <Bill@discussions.microsoft.com> wrote in message
news:3CA57E52-3469-4A13-8310-68BE8F372AF2@microsoft.com...
> I made some changes to our default domain policy, password age, min
length,
> password complexity, lockout duration, invalid attempts, reset acct, and
from
> the user portion setup a timeout to occur which will lock the desktop.
The
> user portion of the policy was persistant, but the computer settings kept
> being set back to what they were previously. We have a root domain, which
> has always had a different policy that the domain whose policy I changed
> today, so I know it was being set from the root domain, and we have
another
> child domain whose password policy is different, and I never had this
problem
> there when I made changes recently. My understanding of password policies
> was there can only be one per domain, so my question is how is this being
> overwritten apparently through replication, by some other policy. It
wasn't
> until I checked the enforced setting that the policy persisted, but I
thought
> that only applied to downstream policies and that the default domain
password
> policies trumped any policies below them???
>
> thank you
> Bill
 
B

bill

Distinguished
Mar 30, 2004
1,834
0
19,780
Archived from groups: microsoft.public.win2000.active_directory (More info?)

i appreciate the article, but that's not exactly what I was looking for. My
default domain policy's computer settings, (min password length, lockout
duration, etc.) kept being set back to their old settings a few minutes
after modifying them. It wasn't until I checked the enforced checkbox on the
gpo that the default domain policy computer settings remained changed
permanently. I don't understand why checking the enforced box fixed the
problem, or why it was a problem to begin with.

thank you,
Bill


"Denis Wong @ Hong Kong" wrote:

> Hi Bill,
>
> Not quite sure about your query, but probably this KB and the associated KBs
> may give you some light.
>
> How to configure account policies in Active Directory
> http://support.microsoft.com/default.aspx?scid=kb;en-us;255550&sd=tech
>
> br,
> Denis
>
> "Bill" <Bill@discussions.microsoft.com> wrote in message
> news:3CA57E52-3469-4A13-8310-68BE8F372AF2@microsoft.com...
> > I made some changes to our default domain policy, password age, min
> length,
> > password complexity, lockout duration, invalid attempts, reset acct, and
> from
> > the user portion setup a timeout to occur which will lock the desktop.
> The
> > user portion of the policy was persistant, but the computer settings kept
> > being set back to what they were previously. We have a root domain, which
> > has always had a different policy that the domain whose policy I changed
> > today, so I know it was being set from the root domain, and we have
> another
> > child domain whose password policy is different, and I never had this
> problem
> > there when I made changes recently. My understanding of password policies
> > was there can only be one per domain, so my question is how is this being
> > overwritten apparently through replication, by some other policy. It
> wasn't
> > until I checked the enforced setting that the policy persisted, but I
> thought
> > that only applied to downstream policies and that the default domain
> password
> > policies trumped any policies below them???
> >
> > thank you
> > Bill
>
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom