Re: password change problem
- From: Harj <cisqokid@xxxxxxxxx>
- Date: 3 May 2007 12:10:58 -0700
On May 3, 12:38 pm, dilshad.ahmad...@xxxxxxxxx wrote:
I am having problems with accounts on my Windows 2003
Active Directory to change passwords. I first set up my
password policy on the top of the domain to be at least 8
characters long, remember 10 previous passwords...that's
about it...all my OUs are clean and don't have any other
password restrictions, like I said, I made this at the
top and want this password policy across the domain.

At first, all was fine, my users could ctrl-alt-delete
and change the password whenever they wanted...but I
found that remembering 10 previous passwords was a bit
harsh..so I relaxed the policy..again at the top of the
domain..but now..when my users try to ctrl-alt-delete and
change the password..once they enter the new password,
they get an error saying that it cannot work because it's
not long enough or matches previous passwords.

In all cases, the passwords do meet the 8 character
criteria I set and never used the password before..it
even comes up with my policy settings, so I then decided
to not define any settings on the domain for the
policy..and I still can't have my users change the
password..still says that it doesn't meet the
criteria..even though everything is disabled..I checked
on all the OUs.

I first thought maybe my users didn't have rights, but even
myself..an enterprise admin..I can't...I then tried to
change the password for the domain administrator account
and still couldn't..same error..if I go into ADS and under
the account of the user, set the option for the user to
change and next log in, no problem works fine, just can't
do ctrl-alt-delete and change it

Please resolve this problem

Thanks & regards
Dilshad Ahmad

Hi,

There is your problem right there. You have a tattooed registry.

When you enable a setting in Group Policy and change the value, this
is read as the value you have put in the setting.
If you then go and set it to not defined, well, what did you do there?
You did not change the value, did you? What you did was say, hey, this
setting is not defined.
This does not CHANGE the value set previously.
So when you changed a value in the policy and then set it to not
defined, you tattooed the registry.

Go back to your policy, set the minimum password length to 8 and set
the history to something lower than 10.
Heck, you can set it to 0 and password history will be disabled.

If you had a setting enabled with a value in there and you then set it
to not defined, go back into it and change the value and keep it
defined.

Remember.....not defined = tattoo

Good luck
Harj Singh
Password Policy done right
www.specopssoft.com
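
To see which values are actually in effect after a setting has been switched to Not Defined, as the reply above describes, this added example (not part of the original thread) exports the applied security policy with `secedit` and compares it with the values you intend. It assumes an elevated PowerShell prompt on a domain controller; the `$Intended` values, the function name and the temp file name are illustrative choices.

```powershell
# Added example: compare the password policy in effect with the intended values.
# Assumptions: elevated prompt on a domain controller; $Intended follows the
# reply's advice (length 8, history lower than 10; 5 is an arbitrary pick).
$Intended = @{ MinimumPasswordLength = 8; PasswordHistorySize = 5 }

function Get-EffectivePasswordPolicy {
    param([string]$InfPath)
    # Parse the [System Access] section of a secedit export into a hashtable.
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $InfPath) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $policy
}

# Export the policy as it is currently applied on this machine.
$inf = Join-Path $env:TEMP 'effective-secpol.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

$effective = Get-EffectivePasswordPolicy -InfPath $inf
Remove-Item -Path $inf -ErrorAction SilentlyContinue

# Report every setting whose applied value differs from what was intended.
foreach ($name in $Intended.Keys) {
    if (-not $effective.ContainsKey($name)) {
        Write-Output "$name : not present in the export"
    } elseif ($effective[$name] -ne $Intended[$name]) {
        Write-Output "$name : in effect $($effective[$name]), intended $($Intended[$name])"
    } else {
        Write-Output "$name : $($effective[$name]) (matches)"
    }
}
```

A setting reported as differing after the GPO was set to Not Defined is the leftover value the reply calls a tattoo; define the setting explicitly with the value you want, then run the check again after policy refresh.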