Re: Default Domain password policy issue
- From: rb97685 <rb97685@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Jul 2006 10:20:02 -0700
Only informational events that indicate Group Policy has been applied
successfully. I checked for well before the period when changing the policy,
no errors from SCECLI posted. Only informational.
Btw, if I check gpedit, or run RSoP applied to my desktop, it also shows
password complexity as being enabled. It has me baffled!
"Darren Mar-Elia (MVP)" wrote:
Are you getting any errors on those DCs in the application event logs from a.
source SCECLI?
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
And, the Windows Group Policy Guide is out from Microsoft Press!!! Check it
out at http://www.microsoft.com/mspress/books/8763.asp
GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy
"rb97685" <rb97685@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F81ADA08-55F8-43BE-B1FA-829B17BA6F14@xxxxxxxxxxxxxxxx
I tested the policy with a password change on my own desktop, and was able
to
change to a simple password. That is what prompted further investigation.
I need to amend what I had stated earlier. BOTH DCs show the old policy
settings when running gpedit.msc (local policy) from Run. But, when you
check
DDP, password complexity has been applied. We do not have any password
policy
configured through Default Domain Controllers either.
"Darren Mar-Elia (MVP)" wrote:
So, are you saying that when a domain user logs into a desktop, they are
not
required to enter a complex password? Or, is the problem just that you
aren't seeing what you expect to see on a DC?
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information
Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
And, the Windows Group Policy Guide is out from Microsoft Press!!! Check
it
out at http://www.microsoft.com/mspress/books/8763.asp
GPOGUY Blog: http://blogs.dirteam.com/blogs/gpoguy
"rb97685" <rb97685@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:00FED3EB-1B1A-4670-BE3D-AD7D9FD85ABA@xxxxxxxxxxxxxxxx
We're having a problem where we have enabled password complexity
requirements
at the Default Domain policy level in our organization. Upon testing,
it
looks as if this policy is not being applied to many of our desktops.
Here's
are scenario:
* 2 Domain Controllers (Windows Server 2003)
* Primarily XP desktops
* I logged into one of our domain controllers, ran gpupdate, then
opened
up
gpedit.msc. The old, simple password policy appears cached on this
machine.
Settings are grayed out, cannot be changed from the console directly.
* From my client machine, I opened up the GPMC snap-in, connected to
both
DCs and reviewed policy settings. Both show as the new settings as
having
been applied.
* While connected via GPMC to the DC in question, I changed settings,
applied. The re-applied password complexity.
* Logged back onto DC console, checked gpedit. Old policy is still
cached.
Anybody know what is going on here, and how do I get rid of this
apparently
cached policy on this one DC? Thanks
- References:
- Re: Default Domain password policy issue
- From: Darren Mar-Elia \(MVP\)
- Re: Default Domain password policy issue
- From: Darren Mar-Elia \(MVP\)
- Re: Default Domain password policy issue
- Prev by Date: Re: GP and firewall on and off domain Quick FIX
- Next by Date: Unable to create user
- Previous by thread: Re: Default Domain password policy issue
- Next by thread: Re: Default Domain password policy issue
- Index(es):
Relevant Pages
|
