Re: Group Policy
From: MittonE (eugenem_at_transcircuit.com(Do)
Date: 12/07/04
- Next message: Todd Myrick: "Re: computer account disappears from domain"
- Previous message: Todd Myrick: "Re: Domain controller not found"
- In reply to: Mohammed A. Raslan: "Re: Group Policy"
- Next in thread: Mohammed A. Raslan: "Re: Group Policy"
- Reply: Mohammed A. Raslan: "Re: Group Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 7 Dec 2004 04:31:03 -0800
Hey Mohammed
Thanks for the feedback.
I logged on to the DC as the Domain Administrator and when I go to AD Users
And Computers, Domain Properties, Group Policy, Default Domain Policy,
Computer Configuration, Windows Setting, Security Settings, I only have
Public Key Policies and IP Security Policies on AD. There is no Account
Policies, Local Policies etc.
You said, if I create a new GPO I should link it to the Domain. How do I do
this, I thought if it is created in the same place as the Deafault Domain
Policy it should go out to the whole Domain.
I also did wait for more than 90 minutes but nothing happened.
If I go to the Default Domain Policy Properties, under Security I have my
name with Full Control. Under Links, if I click Find Now, it only shows my
Domain.
"Mohammed A. Raslan" wrote:
> You where in the right place, its in the "Default Domain Policy" > "Computer
> Configuration" > "Windows Settings" > "Security Settings" > "Account
> Policies" > "Password Policies"
> You should be able to change it if you are using the administrator account.
>
> You can change the password settings in the "Default Domain Policy" or even
> create a new GPO, however, note that if you create a new one, it must be
> linked to the domain (not to OUs or any other type of containers), and it
> must be on the top of the list of the GPO's linked to the domain (there as
> special cases but it's better that way).
>
> Another thing is that you must refresh the computer policy on all clients
> for the policy to take effect, you can either restart all machines in the
> domain or wait for about 90mins or run "Secedit /refreshpolicy
> machine_policy /enforce" from Windows2000 machines and "gpupdate
> /target:computer /force" from Windows XP and Windows 2003 servers
>
> --
> Yours truly,
> Mohammed A. Raslan
> Systems Engineer / Consultant
> MCSE+I NT4, MCSA: Security , MCSE: Security, MCDBA, CCNA
> Mobile: +20 (12) 36 26 112 / +965 978 1969
> E-Mail: m_raslan@link.net.removethis
>
>
> "MittonE" <eugenem@transcircuit.com(Do not Spam)> wrote in message
> news:CA544896-FFEC-4859-A1EF-4C73B7F078BB@microsoft.com...
> > I have been trying to set up the Password Policy for a few days now, but I
> > just can’t get it to work. I’ll just explain what I’m doing and maybe
> someone
> > can give me some pointers.
> >
> > When I right click on our Domain in AD Users and Computers, Click
> Properties
> > and then select the Group Policy tab, I only have Default Domain Policy.
> >
> > First of all, should I be able to change settings in this Policy, like
> when
> > I edit it, go into Computer Configuration, Windows Setting, Security
> > Settings. Should I find the Account Policies – Password Policy in there or
> is
> > the Default Domain Policy not for these types of things. I can also not
> > expand the Administrative Templates. I am thinking that b/c this is a
> Default
> > Policy, I am not able to change it. Or could it be that I do not have the
> > permissions to change it.
> >
> > Secondly, in the Group Policy tab, I click New and create a new Policy
> > called Password Policy. I edit it and go to Computer Configuration,
> Windows
> > Settings, Security Settings, Account Policies and in Password Policy I
> change
> > all the Setting to what I want. When I go to a test user created in the
> Users
> > OU, I set the Account to change Password at next logon. However, when I
> log
> > in as this User, I can change the Password to 123 or anything else. I also
> > try and change the Password for a user I created in a OU I created
> manually
> > but still no Policy enforcement.
> >
> > This whole thing is driving me crazy. If anyone could just help me and
> tell
> > me where to set this Password Policy, and in what way.
> >
> > Any help would be much Appreciated.
> >
> > Thanks
> >
> >
> >
>
>
>
- Next message: Todd Myrick: "Re: computer account disappears from domain"
- Previous message: Todd Myrick: "Re: Domain controller not found"
- In reply to: Mohammed A. Raslan: "Re: Group Policy"
- Next in thread: Mohammed A. Raslan: "Re: Group Policy"
- Reply: Mohammed A. Raslan: "Re: Group Policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
