Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Hi Cheryl
I think I'd just move the policy settings to the domain level and let things
run their course. When the user's current password (which complies with
your policy) becomes 30 days old, they'll be prompted to change it.
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
news:OcZcxVVeEHA.720@TK2MSFTNGP11.phx.gbl...
> That's interesting because it's working. It seems as though I didn't give
> the policy enough
> time to replicate. I tried using the same password when I was prompted to
> change it and a message popped up containing the exact password
> requirements
> that are in the Group Policy that I created at the OU level. But, I am
> still
> having a problem and maybe it's because of what you mentioned; Citrix
> users
> logging in through NFuse are getting a credentials error with no option to
> change their password. This same error does not occur if the user logs in
> through Remote Desktop to the MetaFrame server. This question may be best
> for Citrix.
>
> Another question for you/the newsgroup, since this 'shouldn't work' at the
> OU level, what would you suggest? Doing the same thing, force the user to
> change the password at next logon by enabling "User must change..." but
> move
> the policy to the domain level? Is there a way to force a password change
> without enabling "User must change.." and/or do you think it should it be
> done differently?
>
> Thank you,
> C
>
>
> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> news:uJkgjEPeEHA.3680@TK2MSFTNGP11.phx.gbl...
>> Hi Cheryl
>>
>> You can't set password policy on an OU. Only at the domain level is this
>> allowed so that the entire domain is subject to the same settings.
>>
>> A good reference is:
>>
>>
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
>>
>> Kind regards
>> --
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>> "Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
>> news:uX%2361ROeEHA.2440@tk2msftngp13.phx.gbl...
>> > Windows 2000 Server
>> > I'm not very familar with Group Policies so please bear with me.
>> > I've created a policy that forces a password change every 30 days, with
> a
>> > minimum length and history for an OU (right now I'm the only user in
>> > the
>> > OU). I would also like for this policy to force the first password
> change
>> > at
>> > the next logon. Given the policy, with no other changes, I won't have
>> > to
>> > change my password until 30 days from today, correct?? If I have the
>> > policy
>> > in place and also enable "User must change password at next logon",
>> > then
> I
>> > will be forced to change my password. After testing, I did have to
> change
>> > my
>> > password but the policy did not take effect - the length and history
>> > didn't
>> > take. Should the policy be take effect or not until the 30 days? The
> goal
>> > is
>> > to have the policy take effect and force password change at next logon.
>> > Thank you,
>> > Cheryl
>> >
>> >
>>
>>
>
>
>