Re: GPO Help


From: ptwilliams (ptw2001_at_hotmail.com)
Date: 08/03/04


Date: Wed, 4 Aug 2004 00:38:42 +0100

Yes, this has to be set at the domain level. Usually in the DDP, but it can
be set in whatever is the topmost GPO linked to the domain. I think the DCs
grab the security stuff from the (uppermost) domain policy only.

I'm wondering if the user has perhaps multiple policies linked to the
domain, e.g. DDM, Cust1, and Cust2 in that order and has set this on the
DDM. If this is the case, Cust2 could override the disabling of the
password policy on the DDM as it is processed later.

I may be way off the mark here, and perhaps the policy for disabling
complexity hasn't actually been disabled - although he/she does claim to have
done this. In which case, he/she would be better off simply reading your
post...

Either way, I think we could do with a reply ;-)

-- 
Paul Williams
_________________________________________
 http://www.msresource.net
Join us in our new forums!
  http://forums.msresource.net
_________________________________________
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:uMZVgNUeEHA.3520@TK2MSFTNGP10.phx.gbl...
Paul,
Not sure where it is done in 2003 ( assume the same as in WIN2000 ) but I
always do this in the Domain Security Policy, which is a specialized section
of the Default Domain Policy.
However, I think that I see his/her problem.  The password that he/she is
using does not meet the complexity standard.  He/she needs to have at least
three of the four: 1) Upper-case alpha character, 2) Lower-case alpha
character, 3) numeric character and 4) special character ( such as ! or @ or
# or $ etc etc etc ).  He/she has only one.  He/she would need to do
something like this: ch@ngEy0urpa$$.  This example would actually have all
four.....
Cary
"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:%230t4CcOeEHA.3520@TK2MSFTNGP10.phx.gbl...
> Where have you set this policy??  This must be set at the domain level,
> that is, this GPO must be linked to the domain.
>
> -- 
>
> Paul Williams
> _________________________________________
>  http://www.msresource.net
>
>
> Join us in our new forums!
>   http://forums.msresource.net
> _________________________________________
>
>
> "GPO Help" <anonymous@discussions.microsoft.com> wrote in message
> news:9d5b01c478d6$e47342f0$a501280a@phx.gbl...
> On my 2003 server with AD these are my current GPO
> settings I know they are not what someone would normally
> use but this is what I have set:
> enforce pass history = 1, max age =92, min pass age =1,
> min pass length = 3, pass must meet complexity
> requirement = disabled, store pass using reversible
> encryption = disabled.  The message I'm getting when I
> try and create a user is " Windows cannot set password
> for  username because:  The password does not meet policy
> requirements.  Check the minimum pass length, password
> complexity, and password history requirements."  The
> password I was using "changeyourpass"
>
>
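
As an added example (not part of the original thread), the following Python sketch evaluates both passwords from the thread against the settings the poster listed and against a variant where complexity is still enforced. The INF text is constructed in the [System Access] layout of a `secedit /export` file, the complexity test is the three-of-four rule as Cary describes it, and the function names are hypothetical.

```python
import configparser

# Constructed samples in the [System Access] format of `secedit /export`.
# INTENDED holds the values the poster listed; EFFECTIVE assumes another
# domain-linked GPO won and left complexity enabled (hypothetical).
INTENDED = """[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 92
MinimumPasswordLength = 3
PasswordComplexity = 0
PasswordHistorySize = 1
ClearTextPassword = 0
"""
EFFECTIVE = INTENDED.replace("PasswordComplexity = 0", "PasswordComplexity = 1")

def load_policy(inf_text):
    """Return the [System Access] settings as a dict of ints."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the key case used in the export
    parser.read_string(inf_text)
    return {k: int(v) for k, v in parser["System Access"].items()}

def character_classes(password):
    """Names of the four classes from the thread that the password uses."""
    tests = {
        "upper": str.isupper,
        "lower": str.islower,
        "digit": str.isdigit,
        "special": lambda c: not c.isalnum(),
    }
    return {name for name, test in tests.items() if any(test(c) for c in password)}

def violations(password, policy):
    """List the policy settings this password fails (history is not checked)."""
    failed = []
    if len(password) < policy.get("MinimumPasswordLength", 0):
        failed.append("MinimumPasswordLength")
    if policy.get("PasswordComplexity", 0) == 1 and len(character_classes(password)) < 3:
        failed.append("PasswordComplexity")
    return failed

if __name__ == "__main__":
    for label, text in (("intended", INTENDED), ("effective", EFFECTIVE)):
        for pw in ("changeyourpass", "ch@ngEy0urpa$$"):
            print(label, pw, violations(pw, load_policy(text)) or "ok")
```

If "changeyourpass" is rejected although the intended settings would accept it, the settings in force on the domain controller are not the ones that were edited, which is the GPO-ordering situation Paul describes.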

