Password Policy - Effective Settings

Archived from groups: microsoft.public.win2000.security (More info?)

For domain users you can only configure password policy at the domain level.
You can however configure different settings to a domain computer and it
will apply to local user accounts on that domain computer. If your two
servers are in the same container/OU then they should have the same
effective settings assuming default permissions to the GPO that is being
applied [no filtering]. A better way to refresh policy is with " secedit
/refeshpolicy machine_policy /enforce ". If you are still having problems
run the support tool gpresult to see that list of computer configuration
policies being applied to each computer and the last time they were applied.
Then run the netdiag support tool on the problem server to make sure it is
correctly configured for the domain and that it has no network connectivity
problems. You will also see an Event ID 1704 in the application log of a
computer indicating that security policy has been refreshed and the time it
was refreshed. --- Steve

http://support.microsoft.com/kb/227302

"Murali.A" <MuraliA@discussions.microsoft.com> wrote in message
newsCA70A81-7F74-49AF-B64D-B7F829B329B7@microsoft.com...
> Hi All,
> I have two W2k servers and they are configured to my Domain server.
>
> Server 1:
> I am able to change the Security Settings - > Password Policy -> "Password
> must meet complexity requirement" property value. At this time if I see
> the
> values of
> Local Settings and Effective Settings are different. After that if I do
> the
> action Security Settings Right Click, Reload then Local Setting values is
> overlayed to the Effective settings.
>
> Server 2:
> I am able to change the Security Settings - > Password Policy -> "Password
> must meet complexity requirement" property value. At this time if I see
> the
> values of
> Local Settings and Effective Settings are different. After that if I do
> the
> action Security Settings Right Click, Reload then Local Setting values is
> not
> overwriting the Effective settings. Means I am able to set different
> values
> to Local and Effective setings.
>
> Question:
> 1. Why Server1 is not working the same way Server2? Please advice.
> 2. Which Server is working correctly in Group Policy Scenario?
> 3. I am expecting the below command always export the value shown in the
> Effectiv Settings. Am I correct?
> (Because in Server1 I can not capture the 2 setting with different values
> so
> from the command result I can not say which one it is reading). Please
> advice.
> %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> /areas
> SECURITYPOLICY /quiet
>
> Advance Thanks,
>
> Murali.