Re: Local DC Group Policy being applied for passwrds not the Default D

Hi
The minor admin changes worked perfectly, the run was removed, the
background is changed, etc. But when I tried to change the password I
received the complexity error, but I did not have the complexity option
set
within the Default Domain Policy.

By default that setting is define in Default Domain Policy, if you didn't
create a conflict policy in higher priority that setting remains.
Password Policies are applied at Domain level.

So here is my question, why is the local computer policy for the DC
applying
password policies to the domain? I have tried everything I can think of
and
it all comes back to the local computer policy pushing out the password
policy.

run rsop.msc in the DC check where does that PW def. come from.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
"Collin [MCSE:Messaging]" <CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:81A93D93-F511-4699-AA1D-06543332CA51@xxxxxxxxxxxxxxxx
Okay her is an interesting issue.

Brand new install of Server 2003 R2, changed the Default Domain Policy to
include different password requirements and some minor admin changes (like
removing the run from start menu.).

The minor admin changes worked perfectly, the run was removed, the
background is changed, etc. But when I tried to change the password I
received the complexity error, but I did not have the complexity option
set
within the Default Domain Policy.

I ran rsop.msc and net accounts and they both showed that the complexity
requirements were off and there was not a minimum for password length
(just
for testing purposes). But I still was getting the same prompt both from
the
xp machine and from within AD Users and Computers.

I finally looked at the local computer policy for the Domain Controller
and
to my amazement it had complexity enabled, minimum 7 chars, and other
options. As soon as I changed those values I was able to change the
passwords.

So here is my question, why is the local computer policy for the DC
applying
password policies to the domain? I have tried everything I can think of
and
it all comes back to the local computer policy pushing out the password
policy.

Any help would be appreciated.


.

Relevant Pages

  • Re: Local DC Group Policy being applied for passwrds not the Defau
    ... For some reason the Default Domain Policy ... Password Policies are being overridden by the local computer policy on the ... received the complexity error, but I did not have the complexity option ...
    (microsoft.public.windows.server.active_directory)
  • Re: Local DC Group Policy being applied for passwrds not the Defau
    ... For some reason the Default Domain Policy ... Password Policies are being overridden by the local computer policy on the ... received the complexity error, but I did not have the complexity option ...
    (microsoft.public.windows.server.active_directory)
  • policy
    ... checkbox will, ... complexity 'rule' because that's something that would be ... checked the never expire checkbox ... would be subject to the domain policy and would have to ...
    (microsoft.public.win2000.group_policy)
  • Re: Changing Administrator Password,
    ... Domain Policy or in Local Computer Policy under the Computer ... > Where are the settings that define complexity. ... >> has set the password complexity requirements for your domain. ...
    (microsoft.public.windows.server.active_directory)
  • policy
    ... >checkbox will, ... >complexity 'rule' because that's something that would be ... > checked the never expire checkbox ... >would be subject to the domain policy and would have to ...
    (microsoft.public.win2000.group_policy)
Loading