Re: Local DC Group Policy being applied for passwrds not the Defau

I have ran those commands on both the DC and Domain Computer. Both show the
Default Domain Policy being applied, but the password policies are not being
applied. Rsop shows that the Default Domain Policy IS being applied, but
again for some reason the local policy for the domain controller is
overriding the password policy for the domain. This is not one of those
normal apply the password policy @ the domain level issues, I have never seen
this in all of the time I have been working with AD.

"Jorge Silva" wrote:

go to that DC run from cmd
gpupdate /force
then run rsop.msc and check again where does that setting comes from
--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
"Collin [MCSE:Messaging]" <CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:8D94BB4E-A70F-40E2-A8F4-62C1BC4A5F2F@xxxxxxxxxxxxxxxx
Thanks for the response. That is the issue I do not have anything higher
than the Default Domain Policy. For some reason the Default Domain Policy
Password Policies are being overridden by the local computer policy on the
DC. That is the ONLY aspect of the Default Domain Policy that is not
working. The folder redirection, tab removal, etc. is all working through
the Default Domain Policy.

Again, for some reason the default domain policy is having ONLY its
password
policies overwritten by the Domain Controllers Local Computer Policy.

Thanks


"Jorge Silva" wrote:

Hi
The minor admin changes worked perfectly, the run was removed, the
background is changed, etc. But when I tried to change the password I
received the complexity error, but I did not have the complexity option
set
within the Default Domain Policy.

By default that setting is define in Default Domain Policy, if you didn't
create a conflict policy in higher priority that setting remains.
Password Policies are applied at Domain level.

So here is my question, why is the local computer policy for the DC
applying
password policies to the domain? I have tried everything I can think
of
and
it all comes back to the local computer policy pushing out the password
policy.

run rsop.msc in the DC check where does that PW def. come from.


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
"Collin [MCSE:Messaging]" <CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:81A93D93-F511-4699-AA1D-06543332CA51@xxxxxxxxxxxxxxxx
Okay her is an interesting issue.

Brand new install of Server 2003 R2, changed the Default Domain Policy
to
include different password requirements and some minor admin changes
(like
removing the run from start menu.).

The minor admin changes worked perfectly, the run was removed, the
background is changed, etc. But when I tried to change the password I
received the complexity error, but I did not have the complexity option
set
within the Default Domain Policy.

I ran rsop.msc and net accounts and they both showed that the
complexity
requirements were off and there was not a minimum for password length
(just
for testing purposes). But I still was getting the same prompt both
from
the
xp machine and from within AD Users and Computers.

I finally looked at the local computer policy for the Domain Controller
and
to my amazement it had complexity enabled, minimum 7 chars, and other
options. As soon as I changed those values I was able to change the
passwords.

So here is my question, why is the local computer policy for the DC
applying
password policies to the domain? I have tried everything I can think
of
and
it all comes back to the local computer policy pushing out the password
policy.

Any help would be appreciated.






.

Relevant Pages

  • Re: GROUP POLICY
    ... What exactly do you mean with "the policy file only appear in the primary DC"? ... domain policy are applied, that's by design. ... GPO: Default Domain Policy ... Computer Setting: 3 ...
    (microsoft.public.windows.server.active_directory)
  • RE: GPO settings are not applied
    ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ...
    (microsoft.public.windows.server.active_directory)
  • RE: Companyweb and guests - advice?
    ... You can find the Default Domain policy under the following node: ... Open server management console, locate Advanced Management -> Group Policy ...
    (microsoft.public.windows.server.sbs)
  • Re: Preventing GP from being pushed down to a selective machine
    ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... Default Domain Policy ... GPO: Default Domain Policy ...
    (microsoft.public.windows.server.active_directory)
  • Re: Local DC Group Policy being applied for passwrds not the Defau
    ... Default Domain Policy being applied, but the password policies are not ... Password Policies are being overridden by the local computer policy on ... received the complexity error, but I did not have the complexity ...
    (microsoft.public.windows.server.active_directory)