Password Policy - Effective Settings

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,
I have two W2k servers and they are configured to my Domain server.

Server 1:
I am able to change the Security Settings - > Password Policy -> "Password
must meet complexity requirement" property value. At this time if I see the
values of
Local Settings and Effective Settings are different. After that if I do the
action Security Settings Right Click, Reload then Local Setting values is
overlayed to the Effective settings.

Server 2:
I am able to change the Security Settings - > Password Policy -> "Password
must meet complexity requirement" property value. At this time if I see the
values of
Local Settings and Effective Settings are different. After that if I do the
action Security Settings Right Click, Reload then Local Setting values is not
overwriting the Effective settings. Means I am able to set different values
to Local and Effective setings.

Question:
1. Why Server1 is not working the same way Server2? Please advice.
2. Which Server is working correctly in Group Policy Scenario?
3. I am expecting the below command always export the value shown in the
Effectiv Settings. Am I correct?
(Because in Server1 I can not capture the 2 setting with different values so
from the command result I can not say which one it is reading). Please advice.
%SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf /areas
SECURITYPOLICY /quiet

Advance Thanks,

Murali.
1 answer Last reply
More about password policy effective settings
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    For domain users you can only configure password policy at the domain level.
    You can however configure different settings to a domain computer and it
    will apply to local user accounts on that domain computer. If your two
    servers are in the same container/OU then they should have the same
    effective settings assuming default permissions to the GPO that is being
    applied [no filtering]. A better way to refresh policy is with " secedit
    /refeshpolicy machine_policy /enforce ". If you are still having problems
    run the support tool gpresult to see that list of computer configuration
    policies being applied to each computer and the last time they were applied.
    Then run the netdiag support tool on the problem server to make sure it is
    correctly configured for the domain and that it has no network connectivity
    problems. You will also see an Event ID 1704 in the application log of a
    computer indicating that security policy has been refreshed and the time it
    was refreshed. --- Steve

    http://support.microsoft.com/kb/227302

    "Murali.A" <MuraliA@discussions.microsoft.com> wrote in message
    news:DCA70A81-7F74-49AF-B64D-B7F829B329B7@microsoft.com...
    > Hi All,
    > I have two W2k servers and they are configured to my Domain server.
    >
    > Server 1:
    > I am able to change the Security Settings - > Password Policy -> "Password
    > must meet complexity requirement" property value. At this time if I see
    > the
    > values of
    > Local Settings and Effective Settings are different. After that if I do
    > the
    > action Security Settings Right Click, Reload then Local Setting values is
    > overlayed to the Effective settings.
    >
    > Server 2:
    > I am able to change the Security Settings - > Password Policy -> "Password
    > must meet complexity requirement" property value. At this time if I see
    > the
    > values of
    > Local Settings and Effective Settings are different. After that if I do
    > the
    > action Security Settings Right Click, Reload then Local Setting values is
    > not
    > overwriting the Effective settings. Means I am able to set different
    > values
    > to Local and Effective setings.
    >
    > Question:
    > 1. Why Server1 is not working the same way Server2? Please advice.
    > 2. Which Server is working correctly in Group Policy Scenario?
    > 3. I am expecting the below command always export the value shown in the
    > Effectiv Settings. Am I correct?
    > (Because in Server1 I can not capture the 2 setting with different values
    > so
    > from the command result I can not say which one it is reading). Please
    > advice.
    > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > /areas
    > SECURITYPOLICY /quiet
    >
    > Advance Thanks,
    >
    > Murali.
Ask a new question

Read More

Policy Security Servers Windows