Re: Group policy and Group shield??

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 01/18/05


Date: Tue, 18 Jan 2005 11:24:54 -0500

Wet,

I will admit right off the bat that I am not a fan of McAfee AntiVirus
software. I am a big fan of Norton and TrendMicro. Not sure that your Anti
Virus software is necessarily causing any problems with this, though.

Let's do some basic troubleshooting:

Where did you create this Password Policy?
What are the settings?
Is it a separate GPO or is it included with some other GPO? If so, are the
other parts working?
Why do you think that it should have started today?
Do you have any GPOs that are working?
Have you made sure that DNS is correct? And that all of the clients point
only to YOUR internal DNS Servers (and not the ISP's)?
Have you run 'net accounts' on the Domain Controllers as well as on some of
the clients? How does that look?

I would start there!

I would also suggest that you implement complexity - if you have not done
so - and educate your users as to what that means. Furthermore, I would
suggest contacting MS-PSS and getting the fix for the error message that the
user is given if he/she attempts to change the password to something that
does not meet with the complexity rules. Out of the box the error message
is not very useful or informative at all. The new error message - once you
implement the change - is very specific! The user just needs to read it!

http://support.microsoft.com/?id=821425

The call to MS-PSS does not cost you anything as long as you mention that
you are looking for the fix as discussed in that MSKB Article. They will
e-mail it to you......Just make sure to give them a valid e-mail address!

You might also want to take a look at this:

http://support.microsoft.com/?id=309799

Might be a bit too much but in my opinion you can never have too much
security. Just educate the users!

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"WetBehindEars" <WetBehindEars@discussions.microsoft.com> wrote in message 
news:35328F15-3C96-462C-9AFE-C74759BD56EC@microsoft.com...
> I set up a group policy to take effect on our passwords (length,
> expiration, etc) and should have started today, but it did not take
> effect. I also received various messages from Alert Manager (Group
> Shield) this morning and was wondering if there is any connection.
> Has anyone experienced a group policy not working due to their virus
> protection?  Is it possible?  Any suggestions?
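
Added example, not part of the original thread: one way to act on the 'net accounts' check suggested in the reply is to capture the command's output on a Domain Controller and on a client and compare the password and lockout settings. The two captures below are constructed and trimmed, the labels assume the English-locale output, and the function names are hypothetical.

```python
# Constructed sample captures (trimmed); labels follow English-locale `net accounts`.
DC_OUTPUT = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          1
Maximum password age (days):                          60
Minimum password length:                              8
Length of password history maintained:                12
Lockout threshold:                                    5
Lockout duration (minutes):                           30
Computer role:                                        PRIMARY
The command completed successfully.
"""

CLIENT_OUTPUT = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

IGNORED = {"Computer role"}  # describes the machine, not the policy


def parse_net_accounts(text):
    """Return {setting: value}; lines without a 'label: value' shape are skipped."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        if sep and label.strip() and value.strip():
            settings[label.strip()] = value.strip()
    return settings


def policy_drift(dc_text, client_text):
    """Return {setting: (dc_value, client_value)} for settings that differ."""
    dc, client = parse_net_accounts(dc_text), parse_net_accounts(client_text)
    names = sorted((set(dc) | set(client)) - IGNORED)
    return {n: (dc.get(n), client.get(n)) for n in names if dc.get(n) != client.get(n)}


if __name__ == "__main__":
    for name, (dc_val, client_val) in policy_drift(DC_OUTPUT, CLIENT_OUTPUT).items():
        print(f"{name}: DC={dc_val!r} client={client_val!r}")
```

An empty result means the two machines report the same settings; any entry listed is a setting the client has not picked up.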

