Re: Changed Domain Security Policy not changing

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Eric W. Holzapfel" <e.male@xxxxxxxxxxx>
Date: Fri, 15 Jul 2005 15:57:54 -0700

Ulf B. Simon-Weidner [MVP] wrote:

"Eric W. Holzapfel" <eholzapfel@xxxxxxxxxxxxxxx> wrote in message news:eholzapfel@xxxxxxxxxxxxxxx:
Hello AD Group,
I have set my domain security policy to no define passwords, no history,
no complexity, etc.  This is for a test server in a development
environment.  We do not want to have a domain security policy set for
passwords.
My problem, I have set the properties for the password all to "not
defined", but it still will not let me log on and change a password to
to a password with no characters, or 1 character, etc.
Hi Eric,
This is a common mistake: you have to keep the settings defined, but adjust their content to your needs, e.g. have require complexity defined but disabled, passwordlength defined but set to 0, ... If you uncheck defined than this part of the policy is not applies, and the systems are not modified.

Also make sure that you can change the password restrictions for domain users _only_ in the Default Domain Policy, or another policy linked to the Domain-Container. Default DCs or any other policy would only affect local user accounts for the computers which the policy applies to.
--
Gruesse - Sincerely,
Ulf B. Simon-Weidner
 MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
 Weblog: http://msmvps.org/UlfBSimonWeidner
 Website: http://www.windowsserverfaq.org

Fielen Dank Ulf!  I will reset accordingly.

Tcheuss,

eric
.

Follow-Ups:
- Re: Changed Domain Security Policy not changing
  - From: Ulf B. Simon-Weidner [MVP]

References:
- Changed Domain Security Policy not changing
  - From: Eric W. Holzapfel
- Re: Changed Domain Security Policy not changing
  - From: Ulf B. Simon-Weidner [MVP]

Prev by Date: Re: AD integrity with applications demanding domain admin rights??
Next by Date: W2K to W2K3 domain\user profile migration - with source server dow
Previous by thread: Re: Changed Domain Security Policy not changing
Next by thread: Re: Changed Domain Security Policy not changing
Index(es):
- Date
- Thread

Relevant Pages

Re: Group Policy and Windows 2003
... NET ACCOUNTS does not express the Password Complexity setting. ... crack open the domain security policy (off of the Start menu, ...
(microsoft.public.windows.server.active_directory)
Re: Password complexity policy not being enforced
... I am actually referring to the Domain Security Policy. ... affect any local user account that is logging ...
(microsoft.public.win2000.group_policy)
Re: Which overrides? AD or Domain Security Policy?
... yes...password never expires and cannot change password overrides the settings on default domain policy GPO password settings ... it to the Domain Security Policy so it globally affects all users - but limit ...
(microsoft.public.windows.server.active_directory)
Re: using vbscript to edit Domain Security policy Complex Password setting
... AFAIK there is no public programmatic way to set that policy. ... > it fails to meet the new default complexity passwords settings in Win ... > the password and then re-enable the domain security policy. ... > automate somewhere in the script a way of disabling the complexity ...
(microsoft.public.windows.server.scripting)
Re: Changed Domain Security Policy not changing
... I have set my domain security policy to no define passwords, no history, ... you have to keep the settings defined, but adjust their content to your needs, e.g. have require complexity defined but disabled, passwordlength defined but set to 0, ... ... Default DCs or any other policy would only affect local user accounts for the computers which the policy applies to. ...
(microsoft.public.windows.server.active_directory)