RE: Password History + GPO

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Dan,

Thank you for posting in SBS newsgroup.

>From your description, I understand you can not modify the number under
keep password history for on Security Policy Setting tab on Group Policy
Object Editor. If I have misunderstood your concerns, please do not
hesitate to let me know.

Please double check the permission as following:

1. Open Server Management.
2. Expand Advanced Management | Group Policy Management | Forest | Domain |
server name | MyBusiness | Users.
3. Click SBSUsers.
4. On Delegation tab, make sure the admin account has the permission of
Link GPOs, Perform Group Policy Modeling analyses and Read Group Policy
Results data.
5. Click Advanced, and then make sure the account has Full Control
permission.

As I know, Password Polices is key to strong security and Windows Server
2003 enables the strong password protection. By default SBS 2003 will
remember 24 passwords no matter if you enable the Password Polices which is
prompted after you run CEICW. If you do want to change this setting so that
SBS server will remember fewer passwords, you can do the following steps:

1. Click Start, point to Administrative Tools and then click Domain
Security Policy.
2. Expand to Security Polices\Account Policies\Password Policy.
3. Double click on "Enforce password history" and you can then change the
settings to what you want. [Note: please make sure you have selected Define
this policy setting on Security Policy Setting tab]
4. Quit the Default Domain Security Settings window.
5. On the SBS 2003 server and all the Windows XP workstations, run the
following command:

gpupdate /force

On all Windows 2000 servers and workstations, run the following command:

secedit /refreshpolicy machine_policy /enforce

After performing the above steps, please let me know the result.

Best regards,

Crinal
--------------------
| Thread-Topic: Password History + GPO
| | From: =?Utf-8?B?RGFuIFNoYWxsYmV0dGVy?=
<DanShallbetter@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Password History + GPO
| Date: Tue, 5 Jul 2005 07:35:02 -0700
| | Newsgroups: microsoft.public.windows.server.sbs
| |
| Need help changing the password history from the default of 24. I am
logged
| on as the system Admin. When I edit the password policy under domain,
domain
| name, GPO. the 24 box is grayed out. I gave the admin account full
permission
| under the delegation tab. What am I missing?
|
| Thanks
| Dan
|
|

.

Relevant Pages

  • Administrator cant change password!
    ... Tools\Domain Security Policy, checking Password ... (enforce password history, maximum password age, minimum pass. ...
    (microsoft.public.win2000.security)
  • Windows Shortcut Keys and "ALT+TAB" not working because of GPO
    ... We've got an issue with a machine policy which prohibits us of using Windows ... Deny access to this computer from the network Support_388945a0, ... Policy Setting ...
    (microsoft.public.de.german.windowsxp.gruppen.richtlinien)
  • RE: Betr.: Minimum password requirements
    ... This policy enables administrators to enhance security by ensuring that old ... To maintain the effectiveness of the password history, ... passwords to be changed immediately when you configure the Minimum password ... default setting does not follow this recommendation, ...
    (Security-Basics)
  • Re: No Computer Settings for TS group policy
    ... policy with full control. ... MCCOYSALES\Enterprise Admins Read (from Security Filtering) No ... Policy Setting ... Small Business Server Internet Connection Firewall ...
    (microsoft.public.windows.terminal_services)
  • Re: Prevented from adding users
    ... Is the print server a cluster. ... But that should not matter if the policy is disabled. ... clients). ... The policy setting applies only to non Print ...
    (microsoft.public.windowsxp.print_fax)