Re: Password Expiry

From: Fec (fec_at_fec.com)
Date: 01/31/05 

Date: Mon, 31 Jan 2005 14:43:01 -0000

Thanks for the reply Charles.

I ran rsop on the xp workstation & password policy was okay - no age limit
etc.etc.

However, when I ran the same on the server, all six entries under 'password
policy' had the dreaded 'white cross on red background' icon - I take it
that this means that the policy was not applied? I get the message 'The
policy engine did not attempt to configure the setting. For more information
see %windir%\security\logs\winlogon.log on the target machine'

To answer your other queries, we are running SBS 2003 premium, password
policy is set in the 'Small Business Server Domain Password Policy' GPO and
ALL client computers had to change passwords last week.

Hope you can help.

Fec
""Charles Yang [MSFT]"" <v-chayan@online.microsoft.com> wrote in message
news:GbXUw04BFHA.3152@cpmsftngxa10.phx.gbl...
>
> Hi Fec,
>
> Thank you for your post.
>
> According to your description, I understand that you encountered a problem
> that the server suddenly asking the users to change their passwords. If I
> am off base, please let me know.
>
> In order to isolate the problems, we would like to collect the following
> information:
>
> 1. Which edition of server you use, SBS2000 or SBS2003? We may use
> different methods to treat with different system.
> 2. Could you explain the way that you set the password policy?
> 3. These problems occur in all the computers, or only occur in some
> computers.
>
> If the problems only occur in a client computer, we suggest you reconfirm
> the GPO using RSoP in this client computer which running Windows Xp.
> Please
> follow the steps below:
>
> 1. Click "Start" then point to "Run".
> 2. Run rsop.msc.
>
> In the RSoP windows you can follow the detail steps below to check the
> results of the password policy:
>
> 1. Expand the "Computer Configuration->Windows Setting->Security
> Setting"
> 2. Click the Account Policy, and then point to the password policy.
> Make sure that the Maximum age is set properly.
>
> If the problems occur in the entire domain, we suggest you reconfirm the
> GPO by running RSoP on a domain and Organization Unit in the SBS server
> 2003. Please see the detail steps below:
>
> How to Run an RSoP Query on a Domain
> 1. Click Start, click Control Panel, double-click Administrative Tools,
> and
> then double-click Active Directory Users and Computers.
> 2. In the console tree, expand Active Directory Users and Computers;
> expand
> Domains, and then right-click the domain on which you want to run RSoP.
> 3. Point to All Tasks, and then click Resultant Set of Policy (Planning).
>
> How to Run an RSoP Query on an Organizational Unit
> 1. Click Start, click Control Panel, double-click Administrative Tools,
> and
> then double-click Active Directory Users and Computers .
> 2. In the console tree, expand Active Directory Users and Computers,
> expand
> Domain, expand Organizational unit, and then expand child organizational
> unit.
> 3. Right-click the organizational unit on which you want to run RSoP,
> point
> to All Tasks, and then click Resultant Set of Policy (Planning) .
>
> In the RSoP windows please follow the steps below to check the results of
> the password policy:
>
> 1. Expand the "Computer Configuration->Windows Setting->Security Setting"
> 2. Click the Account Policy, and then point to the password policy. Make
> sure that the Maximum age is set properly
>
> More info:
>
> How To Install and Use RSoP in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;323276
>
> HOW TO: Define Security Templates By Using the Security Templates Snap-In
> in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;816297
>
>
> I hope the above information is useful to you, if you have any questions
> please feel free to let me know.
>
> Have a nice day!
>
>
>
> Charles Yang
> Online Partner Support
> Partner Support Group
> Microsoft Global Technical Support Center
> Mailto: v-chayan@microsoft.com
>
>
> Sincerely,
>
> Charles Yang (MFST)
>
> Microsoft Online Support Engineer
>
> Get Secure! - www.microsoft.com/security
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader
>
> so that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

Relevant Pages

  • RE: Password Expiry
    ... In the RSoP windows you can follow the detail steps below to check the ... GPO by running RSoP on a domain and Organization Unit in the SBS server ... then double-click Active Directory Users and Computers. ...
    (microsoft.public.windows.server.sbs)
  • Re: Disable GPO Setting Locally
    ... The default Password Policy is being inherited on a server ... domain should not be effected and some of them, of course, inherit ... computers & servers in the domain. ...
    (microsoft.public.windows.server.general)
  • Re: Simple question on Password Policy
    ... The password policy is enforced by whatever computer owns the user account. ... Default Domain policy so that it is enforced by all domain member computers ... For domain user accounts, it is the domain ... those computers enforce whatever password policy applies to ...
    (microsoft.public.win2000.group_policy)
  • RE: windows 2003 server
    ... How does one dump the passwords from the SAM file. ... Subject: windows 2003 server ... Password policy can be found in Administrative Tools/ ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: Active Directory Folders
    ... I should say that I took the suggestion from the book(because it made a great ... > account objects so that these guys are under the Scope of the first Password ... > Policy and then create another Password Policy and link it to another OU ... >> there create an OU for users and an OU for Computers, ...
    (microsoft.public.windows.server.active_directory)