Password Policy

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I set up a default domain controller password policy which
forces a password change every one day (for testing),
allows user to change password immediately, password
history of 3 and a minimum character length of 5.
Included in the default domain controller policy was
disable CTL ALT DEL key. I implemented the policy and set
specific user accounts for password expires. The users
were prompted to change there password but were able to
change it to less than 5 characters and were able to
change it back to there original password immediately.
Also, the CTL ALT DEL keys did not come up as expected but
did after the password change took effect. It has
remained that way and users have not been prompted to
change there passwords anymore. It seems that only part
of the policy worked one time only. What's going on? Any
help is appreciated.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

To start with password/account policy for domain users can only be configured at the
domain level which would be the Domain Security Policy be default. So first try to
configure everything at that level to see if it helps. Make sure that you do not have
"block inheritance" set on your domain controllers container while you are
configuring domain account policy or changes may not take effect. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;255550

"dsluther" <dsluther@nptc.com> wrote in message
news:2a86001c46814$a1021780$a601280a@phx.gbl...
> I set up a default domain controller password policy which
> forces a password change every one day (for testing),
> allows user to change password immediately, password
> history of 3 and a minimum character length of 5.
> Included in the default domain controller policy was
> disable CTL ALT DEL key. I implemented the policy and set
> specific user accounts for password expires. The users
> were prompted to change there password but were able to
> change it to less than 5 characters and were able to
> change it back to there original password immediately.
> Also, the CTL ALT DEL keys did not come up as expected but
> did after the password change took effect. It has
> remained that way and users have not been prompted to
> change there passwords anymore. It seems that only part
> of the policy worked one time only. What's going on? Any
> help is appreciated.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

don't apply your policy to to "default domain controller" this will only
effect computers (and users) that are in Domain Controllers OU. Apply your
policy to "default domain policy".

Mike

"dsluther" <dsluther@nptc.com> wrote in message
news:2a86001c46814$a1021780$a601280a@phx.gbl...
> I set up a default domain controller password policy which
> forces a password change every one day (for testing),
> allows user to change password immediately, password
> history of 3 and a minimum character length of 5.
> Included in the default domain controller policy was
> disable CTL ALT DEL key. I implemented the policy and set
> specific user accounts for password expires. The users
> were prompted to change there password but were able to
> change it to less than 5 characters and were able to
> change it back to there original password immediately.
> Also, the CTL ALT DEL keys did not come up as expected but
> did after the password change took effect. It has
> remained that way and users have not been prompted to
> change there passwords anymore. It seems that only part
> of the policy worked one time only. What's going on? Any
> help is appreciated.