Password Restrictions

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am having trouble getting a GPO that I created today to give me the
desired results. My server is a Win2K and the workstation is a WinXP. The
GPO I created defines some Account policies. The trouble I am having is
with the enforce password complexity rule. I run gpedit.msc on the XP
machine and it shows the correct GPO settings but when I go to the server
and force user to change password at next logon, it ask me to change but it
does not enforce the rules. Does anyone have any idea on this?

Thanks,
Preacher Man

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If you want to enfore password restrictions for domain accounts, then you
should link the GPO at the domain level - or edit settings in "Default
Domain Policy" GPO.

Any password settings in the GPOs applied at the OU level will affect only
local accounts on the computers located under that OU.

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services


"Preacher Man" <nospam> wrote in message
news:eB$j6fNfFHA.2384@TK2MSFTNGP15.phx.gbl...
>I am having trouble getting a GPO that I created today to give me the
> desired results. My server is a Win2K and the workstation is a WinXP.
> The
> GPO I created defines some Account policies. The trouble I am having is
> with the enforce password complexity rule. I run gpedit.msc on the XP
> machine and it shows the correct GPO settings but when I go to the server
> and force user to change password at next logon, it ask me to change but
> it
> does not enforce the rules. Does anyone have any idea on this?
>
> Thanks,
> Preacher Man
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

That's where I linked the policy. I created a policy at the domain level
and then for testing purposes, I changed the access list to only apply to my
PC and username.

"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
news:%234seEyNfFHA.3780@TK2MSFTNGP10.phx.gbl...
> If you want to enfore password restrictions for domain accounts, then you
> should link the GPO at the domain level - or edit settings in "Default
> Domain Policy" GPO.
>
> Any password settings in the GPOs applied at the OU level will affect only
> local accounts on the computers located under that OU.
>
> --
> Dmitry Korolyov [d__k@removethispart.mail.ru]
> MVP: Windows Server - Directory Services
>
>
> "Preacher Man" <nospam> wrote in message
> news:eB$j6fNfFHA.2384@TK2MSFTNGP15.phx.gbl...
>>I am having trouble getting a GPO that I created today to give me the
>> desired results. My server is a Win2K and the workstation is a WinXP.
>> The
>> GPO I created defines some Account policies. The trouble I am having is
>> with the enforce password complexity rule. I run gpedit.msc on the XP
>> machine and it shows the correct GPO settings but when I go to the server
>> and force user to change password at next logon, it ask me to change but
>> it
>> does not enforce the rules. Does anyone have any idea on this?
>>
>> Thanks,
>> Preacher Man
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

This is not going to work. Domain controllers pick up password policy from
GPO linked at the domain level.

I assume you are trying to achieve different password policy requirements
for different domain users within the same domain. It is not possible in
current architecture.

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services


"Preacher Man" <nospam> wrote in message
news:ug9JK0NfFHA.3780@TK2MSFTNGP10.phx.gbl...
> That's where I linked the policy. I created a policy at the domain level
> and then for testing purposes, I changed the access list to only apply to
> my PC and username.
>
> "Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
> news:%234seEyNfFHA.3780@TK2MSFTNGP10.phx.gbl...
>> If you want to enfore password restrictions for domain accounts, then you
>> should link the GPO at the domain level - or edit settings in "Default
>> Domain Policy" GPO.
>>
>> Any password settings in the GPOs applied at the OU level will affect
>> only local accounts on the computers located under that OU.
>>
>> --
>> Dmitry Korolyov [d__k@removethispart.mail.ru]
>> MVP: Windows Server - Directory Services
>>
>>
>> "Preacher Man" <nospam> wrote in message
>> news:eB$j6fNfFHA.2384@TK2MSFTNGP15.phx.gbl...
>>>I am having trouble getting a GPO that I created today to give me the
>>> desired results. My server is a Win2K and the workstation is a WinXP.
>>> The
>>> GPO I created defines some Account policies. The trouble I am having is
>>> with the enforce password complexity rule. I run gpedit.msc on the XP
>>> machine and it shows the correct GPO settings but when I go to the
>>> server
>>> and force user to change password at next logon, it ask me to change but
>>> it
>>> does not enforce the rules. Does anyone have any idea on this?
>>>
>>> Thanks,
>>> Preacher Man
>>>
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> That's where I linked the policy. I created a policy at the
> domain level
> and then for testing purposes, I changed the access list to
> only apply to my
> PC and username.
>
> "Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in
> message
> news:%234seEyNfFHA.3780@TK2MSFTNGP10.phx.gbl...
> > If you want to enfore password restrictions for domain
> accounts, then you
> > should link the GPO at the domain level - or edit settings
> in "Default
> > Domain Policy" GPO.
> >
> > Any password settings in the GPOs applied at the OU level
> will affect only
> > local accounts on the computers located under that OU.
> >
> > --
> > Dmitry Korolyov [d__k@removethispart.mail.ru]
> > MVP: Windows Server - Directory Services
> >
> >
> > "Preacher Man" <nospam> wrote in message
> > news:eB$j6fNfFHA.2384@TK2MSFTNGP15.phx.gbl...
> >>I am having trouble getting a GPO that I created today to
> give me the
> >> desired results. My server is a Win2K and the workstation
> is a WinXP.
> >> The
> >> GPO I created defines some Account policies. The trouble I
> am having is
> >> with the enforce password complexity rule. I run
> gpedit.msc on the XP
> >> machine and it shows the correct GPO settings but when I go
> to the server
> >> and force user to change password at next logon, it ask me
> to change but
> >> it
> >> does not enforce the rules. Does anyone have any idea on
> this?
> >>
> >> Thanks,
> >> Preacher Man
> >>
> >
> >

although account policies and password policies are for USERS, it is
the DCs that process and enforce the policies

Cheers,

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-Password-Restrictions-ftopict551487.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1748289