GPO - Password policy does not apply

Aurelio

Nov 8, 2004
Archived from groups: microsoft.public.win2000.security

I have a problem with password policy. It looks like it doesn't apply. All
other parts of policy apply without problem. This is domain computer policy;
it applies to all domain computers, no exception. User policy part is
disabled. We do not have other computer policies in domain. This is not a new
policy; it was used before and it worked. I noticed when a user changed password
to something silly like 'asdf' in front of me. I did a test on my account and
you can put whatever you want, but it should be at least 8 characters long
with complexity level enabled and history of 12.

Any Idea?
 
Guest

Hi,

The only place where you can define password (Account) policy for domain is
under Default Domain policy or policy that replaces the Default Domain
Policy.

If you set this policy anywhere else (e.g. on OU) and you have computer
accounts in this OU, policy will only influence the local user accounts in
this OU, but _not_ domain user accounts.

Account policies
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/AccountPoliciestopnode.asp

I hope this helps,

Mike

"aurelio" <aurelio@discussions.microsoft.com> wrote in message
news:584A481C-6EB8-445F-8BF0-E75A3E361F5C@microsoft.com...
> I have a problem with password policy. It looks like it doesn't apply. All
> other parts of policy apply without problem. This is domain computer policy;
> it applies to all domain computers, no exception. User policy part is
> disabled. We do not have other computer policies in domain. This is not a new
> policy; it was used before and it worked. I noticed when a user changed password
> to something silly like 'asdf' in front of me. I did a test on my account and
> you can put whatever you want, but it should be at least 8 characters long
> with complexity level enabled and history of 12.
>
> Any Idea?
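
One way to check which password settings are actually in effect, as an added example that is not part of the original thread: it parses the `[System Access]` section of a security template export and compares it with the values the original poster expects (length 8, complexity on, history 12). The function names `Get-SystemAccess` and `Test-PasswordPolicy` are hypothetical and the sample export is constructed.

```powershell
# Added example; expected values are the ones stated in the thread.
$Expected = [ordered]@{
    MinimumPasswordLength = 8    # "at least 8 characters long"
    PasswordComplexity    = 1    # "complexity level enabled"
    PasswordHistorySize   = 12   # "history of 12"
}

function Get-SystemAccess {
    # Hypothetical helper: returns the [System Access] key/value pairs of a template.
    param([string[]]$Lines)
    $found = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $text -match '^(\w+)\s*=\s*(-?\d+)$') {
            $found[$Matches[1]] = [int]$Matches[2]
        }
    }
    $found
}

function Test-PasswordPolicy {
    # One row per expected setting; a key missing from the export counts as a failure.
    param([hashtable]$Actual)
    foreach ($name in $Expected.Keys) {
        $value = if ($Actual.ContainsKey($name)) { $Actual[$name] } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $value
            Ok       = ($null -ne $value -and $value -ge $Expected[$name])
        }
    }
}

# Constructed sample: an export in which none of the expected settings is in effect.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
'@ -split '\r?\n'
Test-PasswordPolicy (Get-SystemAccess $sample) | Format-Table -AutoSize
# Live check, elevated prompt: secedit /export /cfg "$env:TEMP\eff.inf" /areas SECURITYPOLICY
# then: Test-PasswordPolicy (Get-SystemAccess (Get-Content "$env:TEMP\eff.inf"))
```

Running the live check on a domain controller and on a member computer shows whether the two differ, which is the distinction between domain accounts and local accounts drawn in the reply above.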
 

Aurelio


This is the default domain policy. It is set up at domain level.

"Miha Pihler" wrote:

> Hi,
>
> The only place where you can define password (Account) policy for domain is
> under Default Domain policy or policy that replaces the Default Domain
> Policy.
>
> If you set this policy anywhere else (e.g. on OU) and you have computer
> accounts in this OU, policy will only influence the local user accounts in
> this OU, but _not_ domain user accounts.
>
> Account policies
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/AccountPoliciestopnode.asp
>
> I hope this helps,
>
> Mike
>
> "aurelio" <aurelio@discussions.microsoft.com> wrote in message
> news:584A481C-6EB8-445F-8BF0-E75A3E361F5C@microsoft.com...
> > I have a problem with password policy. It looks like it doesn't apply. All
> > other parts of policy apply without problem. This is domain computer policy;
> > it applies to all domain computers, no exception. User policy part is
> > disabled. We do not have other computer policies in domain. This is not a new
> > policy; it was used before and it worked. I noticed when a user changed password
> > to something silly like 'asdf' in front of me. I did a test on my account and
> > you can put whatever you want, but it should be at least 8 characters long
> > with complexity level enabled and history of 12.
> >
> > Any Idea?
>
>
>
 
Guest

What group did you filter? Is it the "Everyone" group or a security group that you
created? Make sure that "Read and Apply" is set on them....

"aurelio" wrote:

> This is the default domain policy. It is set up at domain level.
>
> "Miha Pihler" wrote:
>
> > Hi,
> >
> > The only place where you can define password (Account) policy for domain is
> > under Default Domain policy or policy that replaces the Default Domain
> > Policy.
> >
> > If you set this policy anywhere else (e.g. on OU) and you have computer
> > accounts in this OU, policy will only influence the local user accounts in
> > this OU, but _not_ domain user accounts.
> >
> > Account policies
> > http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/AccountPoliciestopnode.asp
> >
> > I hope this helps,
> >
> > Mike
> >
> > "aurelio" <aurelio@discussions.microsoft.com> wrote in message
> > news:584A481C-6EB8-445F-8BF0-E75A3E361F5C@microsoft.com...
> > > I have a problem with password policy. It looks like it doesn't apply. All
> > > other parts of policy apply without problem. This is domain computer policy;
> > > it applies to all domain computers, no exception. User policy part is
> > > disabled. We do not have other computer policies in domain. This is not a new
> > > policy; it was used before and it worked. I noticed when a user changed password
> > > to something silly like 'asdf' in front of me. I did a test on my account and
> > > you can put whatever you want, but it should be at least 8 characters long
> > > with complexity level enabled and history of 12.
> > >
> > > Any Idea?
> >
> >
> >