Sign in with
Sign up | Sign in
Your question

How do I change password policy for my domain (have tryed ..

Last response: in Windows 2000/NT
Share
Anonymous
May 5, 2005 8:20:21 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I have one Windows 2003 SBE server (and some clients - I'll worry about them
later).
I am new to Windows server software (I am a developer).
My domain is called "micsys.local" (actually - I did'nt do that part of
setup/install).


Whenever (and whereever) I try to add new users I get a "bogus" message
about the password doesn't meet the requirements. I say "bogus" because:


() In "Domain Controller Security Policy" I have;
* Account Policies -- Password Policies: Set all to "Not Defined" except:
Password must meet complexity requirements = disabled
Store passwords using reversible encryption = disabled
Enforce password history = 0 passwords
Minimum password length = 0 characters
* Account Policies -- Lockout Policies:
Set to 5 attemps with 5 minutes lockout and 5 minutes reset.

() In "Domain Security Policy" I have:
* Account Policies -- Password Policies: Set all to "Not Defined" except:
Password must meet complexity requirements = disabled
Store passwords using reversible encryption = disabled
Enforce password history = 0 passwords
Minimum password length = 0 characters
* Account Policies -- Lockout Policies:
Set to 5 attemps with 5 minutes lockout and 5 minutes reset.

() In "Active Directory Users and Computers" I have:
* "micsys.local -- users": Here I have tryed add new users (no success).

() In "Group Policy" I have
* Inspected "forrest -- domains -- micsys.local -- default password policy"
(looks correct!)
* Inspected "forrest -- domain -- micsys.local -- Windows Small Business
Server password policy" (looks wrong!?!)

() Even if I do enter a "complex" password (e.g. "1q2w3e4r5t") I still get
error!



All I want to do is to temporarily disable most password policy
enforcements.
When I am done configuring I will set all up correctly and secure.
I hope someone can help me! Links, suggestions etc. all appreciated!
(I am not using Exchange! So accounts are not using Exchange!)


best regards
Thomas Schulz
Anonymous
May 5, 2005 8:20:22 PM

Archived from groups: microsoft.public.win2000.security (More info?)

For "domain users" you need to make sure that the setting for password
complexity is set to disabled in Domain Security Policy. If you set it to
undefined it will not change the existing setting which has it enabled by
default. After you are done run the command gpupdate /force on the domain
controller. --- Steve


"dk_sz" <dk_sz@hotmail.com> wrote in message
news:eQj4P3XUFHA.628@TK2MSFTNGP09.phx.gbl...
>I have one Windows 2003 SBE server (and some clients - I'll worry about
>them later).
> I am new to Windows server software (I am a developer).
> My domain is called "micsys.local" (actually - I did'nt do that part of
> setup/install).
>
>
> Whenever (and whereever) I try to add new users I get a "bogus" message
> about the password doesn't meet the requirements. I say "bogus" because:
>
>
> () In "Domain Controller Security Policy" I have;
> * Account Policies -- Password Policies: Set all to "Not Defined" except:
> Password must meet complexity requirements = disabled
> Store passwords using reversible encryption = disabled
> Enforce password history = 0 passwords
> Minimum password length = 0 characters
> * Account Policies -- Lockout Policies:
> Set to 5 attemps with 5 minutes lockout and 5 minutes reset.
>
> () In "Domain Security Policy" I have:
> * Account Policies -- Password Policies: Set all to "Not Defined" except:
> Password must meet complexity requirements = disabled
> Store passwords using reversible encryption = disabled
> Enforce password history = 0 passwords
> Minimum password length = 0 characters
> * Account Policies -- Lockout Policies:
> Set to 5 attemps with 5 minutes lockout and 5 minutes reset.
>
> () In "Active Directory Users and Computers" I have:
> * "micsys.local -- users": Here I have tryed add new users (no success).
>
> () In "Group Policy" I have
> * Inspected "forrest -- domains -- micsys.local -- default password
> policy" (looks correct!)
> * Inspected "forrest -- domain -- micsys.local -- Windows Small Business
> Server password policy" (looks wrong!?!)
>
> () Even if I do enter a "complex" password (e.g. "1q2w3e4r5t") I still get
> error!
>
>
>
> All I want to do is to temporarily disable most password policy
> enforcements.
> When I am done configuring I will set all up correctly and secure.
> I hope someone can help me! Links, suggestions etc. all appreciated!
> (I am not using Exchange! So accounts are not using Exchange!)
>
>
> best regards
> Thomas Schulz
>
Anonymous
May 6, 2005 3:34:04 AM

Archived from groups: microsoft.public.win2000.security (More info?)

> For "domain users" you need to make sure that the setting for password
> complexity is set to disabled in Domain Security Policy. If you set it to

I've already done that as I wrote in my first post...
Or where exactly do you mean?!? Because I can't
find any other/new places to set Password policy
than those I've listed! Does anyone know if
Win2003 SBE is different than a normal Windows 2003?
I can't set password policy from Group Policy snapin.


best regards
Thomas Schulz
Anonymous
May 6, 2005 3:52:20 AM

Archived from groups: microsoft.public.win2000.security (More info?)

> I've already done that as I wrote in my first post...
> Or where exactly do you mean?!? Because I can't

I must cry now... I just have to right click:
"Small Business Server Password Security Policy"...
And I am brought to "Edit" (where I can se it... YES!!!
Only spent a couple of hours looking for such a thing!)
Luckily I have a cold and slight fever so I can always blame that
but... I wonder why they've tryed to hide the "Edit" so well.

best regards
Thomas Schulz
(the total newbee at Windowss 2003)
!