Re: List all active policies


On May 23, 10:36 am, Ben <B...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Harj,
I see you have replied a few times, though I do not see anything new in your
replies... I am not sure why. The last I posted was the results of me using
the GPMC.

Thanks,
Ben

Hi Ben,

It looks like my last post did not go through and my previous post was
posted multiple times. I am not asking over and over again; it could
have been my bad with hitting send a few times.
Here is the post I tried sending yesterday. This is from the output
of net accounts:

Client:
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None

Domain controller:
Minimum password age (days): 30
Maximum password age (days): 60
Minimum password length: 8
Length of password history maintained: 3

Two completely different settings between the client and the domain
controller.
This to me would indicate tattooing, as you mention you did play with
the password policy once before.
Could it have been set in the default domain policy that is not there
anymore?
Could it have then been changed in the only policy that you have and
then you changed all the values to "not defined", as you state this
policy does not have any password settings?
Both of the above could very well have tattooed the registry.

You ran recreatedefpol so you should have a default domain policy now.
In GPMC, link this default domain policy to the domain level and the link
order should be at 1. Make sure it applies successfully to the domain
controllers.
Once we verify replication and the policy applying on the domain
controllers, try editing the policy.
NOW, if we get this far, go and edit the password policy to something
your organization would like to implement and let's see where we go.

From what you tell me, you have only one policy linked at the domain
with no password policy values set, so what we are doing here is
getting your default domain policy (which someone removed) back to
where it should be and reversing the tattooing that has happened with
deleting policies without changing values already present.

Good Luck

Harj Singh
Password Policy done right
www.specopssoft.com
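
The client-versus-domain-controller comparison made in the post above, as an added example that is not part of the original thread: it parses two `net accounts` outputs and lists every setting whose value differs. The function names `ConvertFrom-NetAccounts` and `Compare-PasswordPolicy` are hypothetical, and the sample text is constructed from the values quoted in the post.

```powershell
# Constructed sample input: the two net accounts excerpts quoted in the post.
$clientText = @'
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
'@
$dcText = @'
Minimum password age (days): 30
Maximum password age (days): 60
Minimum password length: 8
Length of password history maintained: 3
'@

# Hypothetical helper: turn "Name: value" lines into an ordered dictionary.
function ConvertFrom-NetAccounts {
    param([Parameter(Mandatory)][string]$Text)
    $settings = [ordered]@{}
    foreach ($line in $Text -split "\r?\n") {
        # Name is everything before the first colon; lines without one are skipped.
        if ($line -match '^\s*(?<name>.+?):\s*(?<value>\S.*?)\s*$') {
            $settings[$Matches['name'].Trim()] = $Matches['value']
        }
    }
    return $settings
}

# Hypothetical helper: one row per domain controller setting, with a Match flag.
function Compare-PasswordPolicy {
    param($Client, $DomainController)
    foreach ($name in $DomainController.Keys) {
        $clientValue = if ($Client.Contains($name)) { $Client[$name] } else { '<missing>' }
        [pscustomobject]@{
            Setting          = $name
            Client           = $clientValue
            DomainController = $DomainController[$name]
            Match            = ($clientValue -eq $DomainController[$name])
        }
    }
}

$client = ConvertFrom-NetAccounts -Text $clientText
$dc     = ConvertFrom-NetAccounts -Text $dcText
$diff   = @(Compare-PasswordPolicy -Client $client -DomainController $dc)
$diff | Format-Table -AutoSize
$mismatches = @($diff | Where-Object { -not $_.Match })
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) setting(s) differ between client and domain controller"
}
```

To use live data instead of the constructed samples, capture the command output on each machine with `(net accounts) -join "`n"` and pass it as `-Text`.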
