Re: Default Policy not applying

On May 1, 6:24 am, "Allan Jacobs" <allanj...@xxxxxxxxxxx> wrote:
Hi Idris,

Perhaps the linking of the policy is not enabled. Look in the Group Policy
Management Console under the node for your domain, right click on the
Default Domain Policy and click enable. There may also be another policy
with conficting account settings with higher priority at the domain level.
You can use arrows in the details pane to change the processing order.

I would begin with a Resultant Set of Policy Report, triggered at the bottom
of the GPMC. I am certain that it is not any OU policies causing the
problem. They will only apply to local accounts.

Allan Jacobs"Idris" <i...@xxxxxxxxxxxxxx> wrote in message

news:%23fHwtX9iHHA.4032@xxxxxxxxxxxxxxxxxxxxxxx



Hi,

We have two domains - the root domain A and a domainB within the same
forest. We have used domain B for years but are now switching to the root
domainA - this has nothing applied in it.

We now have a few users and comptuers in.

I needed to set the Default Domain Policy so that accounts had to meet
password complexity (a very basic setting) but i'm finding that it just is
not applying - i can always create and change passwords to anything like
'password'.

I've right clicked the domain, edit Default Domain Policy and changed all
the settings to as follows:

Computer Configuration>Windows Settings>Security Settings>Account
Policies>Password Policy> Then set all this, enabled, 30 days etc etc.

They just will not apply? I've tried a gpupdate/force as well but nothing.
I applied this 2 days ago.

Any ideas on where i can look? It seems some other admins have made a few
other policies but they are based on some OUs and not the default domain
one so can't see that they would be blocking it. Any ideas?

Thanks- Hide quoted text -

- Show quoted text -

Hi,

Remember, this policy needs to be read by the domain controllers so
make sure the default domain policy is applying to the DC's.
Have you blocked inheritance at the DC level?
Check the event logs on the DC's and run net accounts on the client
machines.

Good luck

Harj Singh
Password Policy Done Right
www.specopssoft.com

.

Relevant Pages

  • Re: scripted logon
    ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ...
    (microsoft.public.windows.terminal_services)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... > Server Security and Auditing Policy ... > This list only includes links in the domain of the GPO. ... > The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... >> Server Security and Auditing Policy ... >> The settings in this GPO can only apply to the following groups, users, ... >> Windows Firewall: Allow file and printer sharing exception Enabled ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO not picking up computer settings
    ... The user accounts are domain user accounts. ... I have removed the GPO that I ... had configured with the password settings. ... Default Domain Policy and the Default Domain Controllers Policy. ...
    (microsoft.public.windows.server.security)