Sign in with
Sign up | Sign in
Your question

Password Policy - Effective Settings

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
April 7, 2005 7:47:06 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,
I have two W2k servers and they are configured to my Domain server.

Server 1:
I am able to change the Security Settings - > Password Policy -> "Password
must meet complexity requirement" property value. At this time if I see the
values of
Local Settings and Effective Settings are different. After that if I do the
action Security Settings Right Click, Reload then Local Setting values is
overlayed to the Effective settings.

Server 2:
I am able to change the Security Settings - > Password Policy -> "Password
must meet complexity requirement" property value. At this time if I see the
values of
Local Settings and Effective Settings are different. After that if I do the
action Security Settings Right Click, Reload then Local Setting values is not
overwriting the Effective settings. Means I am able to set different values
to Local and Effective setings.

Question:
1. Why Server1 is not working the same way Server2? Please advice.
2. Which Server is working correctly in Group Policy Scenario?
3. I am expecting the below command always export the value shown in the
Effectiv Settings. Am I correct?
(Because in Server1 I can not capture the 2 setting with different values so
from the command result I can not say which one it is reading). Please advice.
%SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf /areas
SECURITYPOLICY /quiet

Advance Thanks,

Murali.
Anonymous
a b 8 Security
April 7, 2005 5:47:22 PM

Archived from groups: microsoft.public.win2000.security (More info?)

For domain users you can only configure password policy at the domain level.
You can however configure different settings to a domain computer and it
will apply to local user accounts on that domain computer. If your two
servers are in the same container/OU then they should have the same
effective settings assuming default permissions to the GPO that is being
applied [no filtering]. A better way to refresh policy is with " secedit
/refeshpolicy machine_policy /enforce ". If you are still having problems
run the support tool gpresult to see that list of computer configuration
policies being applied to each computer and the last time they were applied.
Then run the netdiag support tool on the problem server to make sure it is
correctly configured for the domain and that it has no network connectivity
problems. You will also see an Event ID 1704 in the application log of a
computer indicating that security policy has been refreshed and the time it
was refreshed. --- Steve

http://support.microsoft.com/kb/227302

"Murali.A" <MuraliA@discussions.microsoft.com> wrote in message
news:D CA70A81-7F74-49AF-B64D-B7F829B329B7@microsoft.com...
> Hi All,
> I have two W2k servers and they are configured to my Domain server.
>
> Server 1:
> I am able to change the Security Settings - > Password Policy -> "Password
> must meet complexity requirement" property value. At this time if I see
> the
> values of
> Local Settings and Effective Settings are different. After that if I do
> the
> action Security Settings Right Click, Reload then Local Setting values is
> overlayed to the Effective settings.
>
> Server 2:
> I am able to change the Security Settings - > Password Policy -> "Password
> must meet complexity requirement" property value. At this time if I see
> the
> values of
> Local Settings and Effective Settings are different. After that if I do
> the
> action Security Settings Right Click, Reload then Local Setting values is
> not
> overwriting the Effective settings. Means I am able to set different
> values
> to Local and Effective setings.
>
> Question:
> 1. Why Server1 is not working the same way Server2? Please advice.
> 2. Which Server is working correctly in Group Policy Scenario?
> 3. I am expecting the below command always export the value shown in the
> Effectiv Settings. Am I correct?
> (Because in Server1 I can not capture the 2 setting with different values
> so
> from the command result I can not say which one it is reading). Please
> advice.
> %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> /areas
> SECURITYPOLICY /quiet
>
> Advance Thanks,
>
> Murali.
!