password policy

[Alexo]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I enabled a group policy to force users to change their passwords every 180
days. Management asked me to disable the policy so I did. Users are still
prompted every 180 days to change their passwords. I disabled the policy at
the OU level and at the domain level. What am I missing?
--
alexo

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You have to disable or change the policy at the domain level for domain
users. Never "undefine" a password policy setting. Always set it to exactly
what you want. Often a setting of zero will disable the policy if there is
not specific enable/disable option. After you are done either wait at least
five minutes or use secedit to refresh security policy on the domain
controller and run the command net accounts to see the new effective
passwrods policy. --- Steve


"alexo" <alexo@discussions.microsoft.com> wrote in message
news:B0047A9D-A349-4BBF-BF36-2880A6A806DF@microsoft.com...
>I enabled a group policy to force users to change their passwords every 180
> days. Management asked me to disable the policy so I did. Users are
> still
> prompted every 180 days to change their passwords. I disabled the policy
> at
> the OU level and at the domain level. What am I missing?
> --
> alexo

 

[Alexo]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

There is not an option to disable the policy. There is only an option to
undefine.

--
alexo


"Steven L Umbach" wrote:

> You have to disable or change the policy at the domain level for domain
> users. Never "undefine" a password policy setting. Always set it to exactly
> what you want. Often a setting of zero will disable the policy if there is
> not specific enable/disable option. After you are done either wait at least
> five minutes or use secedit to refresh security policy on the domain
> controller and run the command net accounts to see the new effective
> passwrods policy. --- Steve
>
>
> "alexo" <alexo@discussions.microsoft.com> wrote in message
> news:B0047A9D-A349-4BBF-BF36-2880A6A806DF@microsoft.com...
> >I enabled a group policy to force users to change their passwords every 180
> > days. Management asked me to disable the policy so I did. Users are
> > still
> > prompted every 180 days to change their passwords. I disabled the policy
> > at
> > the OU level and at the domain level. What am I missing?
> > --
> > alexo
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Set it to zero and it should then say "password will not expire" above the
box that shows the number of days. --- Steve


"alexo" <alexo@discussions.microsoft.com> wrote in message
news34511AB-1FE6-4AF3-824B-D7F8E132880A@microsoft.com...
> There is not an option to disable the policy. There is only an option to
> undefine.
>
> --
> alexo
>
>
> "Steven L Umbach" wrote:
>
>> You have to disable or change the policy at the domain level for domain
>> users. Never "undefine" a password policy setting. Always set it to
>> exactly
>> what you want. Often a setting of zero will disable the policy if there
>> is
>> not specific enable/disable option. After you are done either wait at
>> least
>> five minutes or use secedit to refresh security policy on the domain
>> controller and run the command net accounts to see the new effective
>> passwrods policy. --- Steve
>>
>>
>> "alexo" <alexo@discussions.microsoft.com> wrote in message
>> news:B0047A9D-A349-4BBF-BF36-2880A6A806DF@microsoft.com...
>> >I enabled a group policy to force users to change their passwords every
>> >180
>> > days. Management asked me to disable the policy so I did. Users are
>> > still
>> > prompted every 180 days to change their passwords. I disabled the
>> > policy
>> > at
>> > the OU level and at the domain level. What am I missing?
>> > --
>> > alexo
>>
>>
>>