Re: Password Policy Issue

From: "Chriss3 [MVP]" <noSpamHere@xxxxxxxxxx>
Date: Tue, 3 May 2005 01:17:54 +0200

The password policy can only be set at the domain level, and at the GPO with
the highest priority at the domain level, that is by default, domain policy
gpo, so you have to change it there, and the change is domain wide, and
can't be done at OU level.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Mike" <spam@xxxxxxxxxx> skrev i meddelandet
news:%230o9$81TFHA.336@xxxxxxxxxxxxxxxxxxxxxxx
> Windows 2003 AD domain.
>
> My client doesn't want to use complex passwords. I've created a OU w/ a GP
> to prevent the comlex requirements. I've "Blocked Policy inheritance".
> I've
> also disabled/changed the settings in /Computer configuration/Windows
> settings/Security Settings/account policies/Password Policy/
>
> Enforce password history 0 passwords remembered
> Max password age 365
> Min password age 30
> min password length 2
> password must meet complexity req Disabled
> Store passwords using rever encr Disabled.
>
> Between "blocking policy inheritance" and the settings listed above I'm
> confused as to why I am unable to create a user w/o getting this error.
>
>
> The password does not meet the password policy requirements. Check the
> minimum password lenght, password complexity and password history
> requirements.
>
>
>

.

Follow-Ups:
- Re: Password Policy Issue
  - From: Mike

References:
- Password Policy Issue
  - From: Mike

Prev by Date: Re: Domain Admin password changes
Next by Date: Re: DC cannot see AD
Previous by thread: Password Policy Issue
Next by thread: Re: Password Policy Issue
Index(es):
- Date
- Thread

Relevant Pages

Re: GPO Help
... grab the security stuff from the domain policy only. ... I may be way off the mark here, and perhaps the policy for disabling ... The password that he/she is using does not meet the complexity standard. ... This must be set at the domain level, that> is, this GPO must be linked to the domain. ...
(microsoft.public.windows.server.active_directory)
Re: Password Restrictions
... That's where I linked the policy. ... I created a policy at the domain level ... > Domain Policy" GPO. ... My server is a Win2K and the workstation is a WinXP. ...
(microsoft.public.win2000.active_directory)
Re: password policy/complexity
... The policy can only be defined at the domain level, ... than one GPO for the domain then configure account policies in the GPO at ... policies to not work as planned and running netdiag and dcdiag on the domain ... complexity] for a domain. ...
(microsoft.public.win2000.security)
Re: Group Policy Not Applying to an OU
... "Eric Anderson" skrev i meddelandet ... The policy that applies is the domain level policy and ... >> Computer Configuration part of the GPO it will not be applied. ... >>> If I placed the GPO at the domain level, it applied, but it does not ...
(microsoft.public.windows.group_policy)
Re: How do you overide screensave setting in GP?
... the policy is not affecting. ... If the policy is at the domain leve meaning you set it in the Default Domain ... GPO and only apply it to either users or computers. ... saver setting is set at the domain level, you do not want to do that or you ...
(microsoft.public.win2000.active_directory)