Re: Simple question on Group Policy, Password policy and blocking inheritance

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
Date: Thu, 31 May 2007 12:03:55 +0100

Yes, because policy is blocked the PDCe won't process policy linked to the
domain unless it's enforced, so you won't get the password policy. Have a
look at this to better understand how this all works:
-- http://www.msresource.net/content/view/36/46/

Summarised, the PDCe processes the policy and writes the policy to the
attributes of the domain NC. The other DCs pick up the policy from here.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

.

Follow-Ups:
- Re: Simple question on Group Policy, Password policy and blocking inheritance
  - From: Jason W.

References:
- Simple question on Group Policy, Password policy and blocking inheritance
  - From: Jason W.

Prev by Date: Re: Windows 2003 R2 and SP2?
Next by Date: Re: Time Sync on a Windows 2003 Server
Previous by thread: Re: Simple question on Group Policy, Password policy and blocking inheritance
Next by thread: Re: Simple question on Group Policy, Password policy and blocking inheritance
Index(es):
- Date
- Thread

Relevant Pages

Re: Default Domain Controllers Policy
... I changed 4 elements of my PW policy and saw no change. ... make an account policy change (presumably to the GPT on the PDCe), ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at ... I am not sure off the top of my head where to look. ...
(microsoft.public.windows.server.active_directory)
Re: Urgent - Help - Denied Permission to Logon locally
... If you add a group or groups in that policy setting it overwrites ... etc. then you won't be able to logon. ... When you revoke this in the GPO it will happen on the PDCe. ... change then has to replicate to the other DCs and then the policy must ...
(microsoft.public.windows.server.active_directory)
Re: Active Directory Expiration Notification
... a map of all attributes that can be set via the policy files agaiinst the ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... message to the user that their password is about to expire. ... Password expiration is determined by the domain password expiration ...
(microsoft.public.windows.server.active_directory)
Re: Password aging
... Setting it to -1 didn't change pwdLastSet? ... Co-author of "The .NET Developer's Guide to Directory Services ... not everyone will expire the same time. ... Your password change policy will take effect once the password has aged out and yes the local never expires will over for your service accounts. ...
(microsoft.public.windows.server.active_directory)
Re: 2003 Domain Password Policy with NT 4.0 Workstations
... The only way to exclude users from adhering to the domain password policy is ... > running Windows NT 4.0, so would the following scenario work? ... Modify the Default Domain Policy and remove the Account ...
(microsoft.public.windows.server.active_directory)