RE: Password policy, no override

Hi Bill

I can understand that it can get a little confusing. try using gpresult to
find out which policies are being applied and from where.

Users log onto domain controllers setting password policies on domain
controllers ensures that domain logins are defined for authentication to the
domain purposes.

Read the following article on setting up passwod policies.

http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/win2kpol/w2kadm05.mspx



"Bill" wrote:

> I seem to keep finding different methods regarding the password policy.
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
>
> I understand that all users login by using the services of the domain
> controllers, but the note above clearly tells you to use a policy at the
> domain level. I've checked the password policy at my domain controllers OU,
> and none of the settings are defined, which doesn't explain why my default
> domain policy was being reverted to its previous settings.
>
> "The AD Designer" wrote:
>
> > Bill
> >
> > password policy should only be set on your default domain controllers policy
> > not you default domain policy.
> >
> > Regards
> >
> > "Bill" wrote:
> >
> > > My default domain policy's computer settings, (min password length, lockout
> > > duration, etc.) kept being set back to their old settings a few minutes
> > > after modifying them. It wasn't until I checked the enforced checkbox on the
> > > gpo that the default domain policy computer settings remained changed
> > > permanently. Strangely enough, the computer portion of the GPO remained
> > > unchanged, the login banner. I don't understand why checking the enforced,
> > > no override, box fixed the problem, or why it was a problem to begin with. I
> > > also recently experienced the same problem, and solution, at a bottom level
> > > OU policy in the computer settings of a GPO.
> > >
> > > thank you,
> > > Bill
> > >
.

Relevant Pages

  • Re: Default Domain password policy issue
    ... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.windows.group_policy)
  • Re: Default Domain Policy Doesnt Apply
    ... Also to add that Group Policies are by default applied in this ... level will be overriden by any defined settings at the site, domain, OU ... account policies] are not being applied to the domain controllers since they ... > password and lockout policy can ony be set at the domain level for domain ...
    (microsoft.public.win2000.group_policy)
  • Re: USERENV error - Group Policy
    ... However, as per instructions, I've set these permissions correctly. ... policy object in AD. ... folder and GPO, returning the security to normal settings, did another GP ... -Domain controllers have the read and apply rights to the Domain Controllers ...
    (microsoft.public.windows.server.active_directory)
  • RE: Account Lockout Policy
    ... he didn't say that the policy would be *linked* at ... the Domain Controllers OU, just that the domain password policy would apply ... the Domain Controllers OU will still use the password policy that is defined ... they still utilize the domain-level account settings, because, again, the ...
    (Focus-Microsoft)
  • RE: USERENV error - Group Policy
    ... with no AD policies attached. ... policy to this container and do a gpupdate, I get the error on the server. ... Domain controllers have the read and apply rights to the Domain Controllers ... I've checked numerous settings as follows: ...
    (microsoft.public.windows.server.active_directory)
Loading