Re: Local DC Group Policy being applied for passwords not the Defau
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 20:30:59 +0100
I'm confused now. You say "Local Computer Policy on the DC"?
Go to Administrative Tools and check what password policies you have in:
Default Domain Policy (this is retrieved from Default Domain Policy at Domain level)
and in
Domain Controller Security Policy (this is retrieved from Default Domain Controller Policy at Domain controller OU level)
You may want to post here the results of:
gpresult /v >c:\gpresult.log
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Collin [MCSE:Messaging]" <CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:C52C8F65-D5E4-4940-A6FE-3063CD20D2A7@xxxxxxxxxxxxxxxx
Yeah I have rebooted almost 10 times now. Removed all group policies, replaced them, recreated them, etc. Still that stupid Local Computer Policy on the DC pushes out the settings for the Domain Password Policy. Is this some R2 quirk that we don't know about yet?
"Jorge Silva" wrote:
hum....
I already had a similar issue, can you reboot the server and check again?
"Collin [MCSE:Messaging]" <CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:5D65DB8D-4984-446D-BC40-B101105F632F@xxxxxxxxxxxxxxxx
I have run those commands on both the DC and Domain Computer. Both show the Default Domain Policy being applied, but the password policies are not being applied. Rsop shows that the Default Domain Policy IS being applied, but again for some reason the local policy for the domain controller is overriding the password policy for the domain. This is not one of those normal apply the password policy @ the domain level issues, I have never seen this in all of the time I have been working with AD.
"Jorge Silva" wrote:
Go to that DC and run from cmd:
gpupdate /force
Then run rsop.msc and check again where that setting comes from.
"Collin [MCSE:Messaging]"
<CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:8D94BB4E-A70F-40E2-A8F4-62C1BC4A5F2F@xxxxxxxxxxxxxxxx
Thanks for the response. That is the issue I do not have anything higher than the Default Domain Policy. For some reason the Default Domain Policy Password Policies are being overridden by the local computer policy on the DC. That is the ONLY aspect of the Default Domain Policy that is not working. The folder redirection, tab removal, etc. is all working through the Default Domain Policy.
Again, for some reason the default domain policy is having ONLY its password policies overwritten by the Domain Controllers Local Computer Policy.
Thanks
"Jorge Silva" wrote:
Hi
The minor admin changes worked perfectly, the run was removed, the background is changed, etc. But when I tried to change the password I received the complexity error, but I did not have the complexity option set within the Default Domain Policy.
By default that setting is defined in the Default Domain Policy; if you didn't create a conflicting policy with higher priority, that setting remains. Password Policies are applied at Domain level.
So here is my question, why is the local computer policy for the DC applying password policies to the domain? I have tried everything I can think of and it all comes back to the local computer policy pushing out the password policy.
Run rsop.msc on the DC and check where that PW def. comes from.
"Collin [MCSE:Messaging]"
<CollinMCSEMessaging@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:81A93D93-F511-4699-AA1D-06543332CA51@xxxxxxxxxxxxxxxx
Okay, here is an interesting issue.
Brand new install of Server 2003 R2, changed the Default Domain Policy to include different password requirements and some minor admin changes (like removing the run from start menu.).
The minor admin changes worked perfectly, the run was removed, the background is changed, etc. But when I tried to change the password I received the complexity error, but I did not have the complexity option set within the Default Domain Policy.
I ran rsop.msc and net accounts and they both showed that the complexity requirements were off and there was not a minimum for password length (just for testing purposes). But I still was getting the same prompt both from the XP machine and from within AD Users and Computers.
I finally looked at the local computer policy for the Domain Controller and to my amazement it had complexity enabled, minimum 7 chars, and other options. As soon as I changed those values I was able to change the passwords.
So here is my question, why is the local computer policy for the DC applying password policies to the domain? I have tried everything I can think of and it all comes back to the local computer policy pushing out the password policy.
Any help would be appreciated.
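An added example, not part of the original thread: one way to make the comparison discussed above concrete is to diff the `[System Access]` password settings in the Default Domain Policy's security template against those in a security policy export taken on the DC (for instance from `secedit /export /cfg <file> /areas SECURITYPOLICY`). Both templates below are constructed samples that reuse the values reported in the thread; the function names are hypothetical.

```python
import configparser

PASSWORD_KEYS = ("MinimumPasswordLength", "PasswordComplexity", "PasswordHistorySize",
                 "MaximumPasswordAge", "MinimumPasswordAge")

# Constructed sample: settings the admin put in the Default Domain Policy template.
DEFAULT_DOMAIN_POLICY = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
"""

# Constructed sample: settings the DC actually enforces (security policy export).
DC_EFFECTIVE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
"""

def password_settings(inf_text):
    """Return the password-related keys of [System Access] as integers."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the template
    cp.read_string(inf_text)
    if not cp.has_section("System Access"):
        return {}
    section = cp["System Access"]
    return {k: int(section[k]) for k in PASSWORD_KEYS if k in section}

def policy_drift(intended_text, effective_text):
    """Map each differing key to (intended, effective); None means not defined."""
    intended = password_settings(intended_text)
    effective = password_settings(effective_text)
    return {k: (intended.get(k), effective.get(k))
            for k in PASSWORD_KEYS
            if intended.get(k) != effective.get(k)}

if __name__ == "__main__":
    for key, (want, got) in policy_drift(DEFAULT_DOMAIN_POLICY, DC_EFFECTIVE).items():
        print(f"{key}: Default Domain Policy={want}, effective on DC={got}")
```

Template files read from disk are normally saved as UTF-16, so decode them before passing the text to `policy_drift`.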