Re: Password Policy Reset to the old setting, Why?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 12/11/04

  • Next message: Herb Martin: "Re: Password Policy Reset to the old setting, Why?" 
    Date: Sat, 11 Dec 2004 11:28:17 -0500

    Homa wrote:
    > Hi all!
    > We have a W2000-Single Domain with 260 DC and 13000 Users. Curently
    > we have a Password-Policy (set at Domain Security Policy):

    I'm not a group policy expert, but I think you want to do this in your
    default domain policy, don't you?
    >
    > Enforce Password History=1 password remmeberd
    > Maximum password age=999 days
    > Minimum password age=0 days
    > Minimum password length=5 characters
    > Password must meet complexity requirements=disabled
    > Store password using reversible encryption for all users in the
    > domain=disabled
    >
    > we want to change 2 things as this the customer wishes:
    >
    > Minimum password length=6 characters

    I'd do 8.

    > Password must meet complexity requirements=enabled

    That's good.

    Also you should force regular password changes - every 90 days at least.
    >
    > OK, we do it, and after a random time (about 1 minutes to 10 minutes
    > or more) the policy is again like the old one.
    > I see in SecurityEventLog, that system-user reset this to the old
    > policy. Any idea?
    > Policy change works well in Test-Enviroment. I can't understand why
    > this in production enviroment, the 2 domain are comletley same.
    > Also I've changed about 5 months ago the policy:
    > Maximum password age
    > from default 42 days to 999 days, and that was not a problem.
    > we have disabled Norton, Tivoli, any other things, that could be a
    > problem, but nothing.
    > we consult microsoft premium support, they have no idea there.
    > any help from you?
    > thanks a lot

  • Next message: Herb Martin: "Re: Password Policy Reset to the old setting, Why?"

    Relevant Pages

    • Re: Impact of changing group policy
      ... The password complexity and minimum password length ... >I currently have a group policy that is setup that the passwords have to be ... > characters, rotate every 45 days, and the last ...
      (microsoft.public.windows.group_policy)
    • Re: GROUP POLICY
      ... What exactly do you mean with "the policy file only appear in the primary DC"? ... domain policy are applied, that's by design. ... GPO: Default Domain Policy ... Computer Setting: 3 ...
      (microsoft.public.windows.server.active_directory)
    • Re: Local DC Group Policy being applied for passwrds not the Defau
      ... Default Domain Policy being applied, but the password policies are not being ... Password Policies are being overridden by the local computer policy on the ...
      (microsoft.public.windows.server.active_directory)
    • Re: Complex password in Domain GPO not applying anywhere.
      ... We have just found out that the Password must meet complexity ... requirements isn?t working on the domain policy. ... there is a failure in security. ...
      (microsoft.public.windows.server.active_directory)
    • RE: GPO settings are not applied
      ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ...
      (microsoft.public.windows.server.active_directory)