Re: Default Domain password policy issue

See my last post and also verify that block inheritance is not enabled on
the domain controller container.

Steve


"rb97685" <rb97685@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:680B09A7-65D4-4659-A6D8-73242AA88676@xxxxxxxxxxxxxxxx
Actually, when I run RSoP from my PC, and apply against different profiles
on
both domain controllers, it does show policies that are applied, and the
listing of the Winning GPO. But password policy does not show as
applicable
to either DC.

"rb97685" wrote:

RSoP on the domain controllers shows password policy as not defined. No
Source GPO found.

"Steven L Umbach" wrote:

Run rsop.msc on each domain controller and check the results for
password
policy and the source GPO to see if they are what you expect. Keep in
mind
that if you have more than one GPO linked to the domain container the
GPO at
the top of the list takes precedence and can override what is shown in
Domain Security Policy if password policy is configured in a GPO above
the
default domain GPO in the list.

Steve


"rb97685" <rb97685@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:00FED3EB-1B1A-4670-BE3D-AD7D9FD85ABA@xxxxxxxxxxxxxxxx
We're having a problem where we have enabled password complexity
requirements
at the Default Domain policy level in our organization. Upon testing,
it
looks as if this policy is not being applied to many of our desktops.
Here's
are scenario:

* 2 Domain Controllers (Windows Server 2003)
* Primarily XP desktops

* I logged into one of our domain controllers, ran gpupdate, then
opened
up
gpedit.msc. The old, simple password policy appears cached on this
machine.
Settings are grayed out, cannot be changed from the console directly.
* From my client machine, I opened up the GPMC snap-in, connected to
both
DCs and reviewed policy settings. Both show as the new settings as
having
been applied.
* While connected via GPMC to the DC in question, I changed settings,
applied. The re-applied password complexity.
* Logged back onto DC console, checked gpedit. Old policy is still
cached.

Anybody know what is going on here, and how do I get rid of this
apparently
cached policy on this one DC? Thanks





.

Relevant Pages

  • Re: Default Domain password policy issue
    ... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.windows.group_policy)
  • RE: Account Lockout Policy
    ... he didn't say that the policy would be *linked* at ... the Domain Controllers OU, just that the domain password policy would apply ... the Domain Controllers OU will still use the password policy that is defined ... they still utilize the domain-level account settings, because, again, the ...
    (Focus-Microsoft)
  • Re: Password Policy & GPO Settings
    ... I apply the GPO at domain level policy, an after, in their security tab, i filter the scope of the GPO: ... > No, a password policy is for DOMAN, not for DomainControllers; you must> specify your password policy in the domain security settings, not domain> controller security settings;-)) ...
    (microsoft.public.win2000.active_directory)
  • Re: Default Domain Policy Question
    ... I have never seen password policy applied to the domain controllers ... >> applied and was demonstrated as prevailing policy to domain user accounts ...
    (microsoft.public.windows.group_policy)
  • RE: Effective Security
    ... Changes Are Not Applied When You Change the Password Policy ... The Block Policy Inheritance option is enabled on the Domain Controllers ... Domain Controllers organizational unit: ...
    (microsoft.public.win2000.setup)