Which GPO should have password policies enabled - Default Domain Policy or SBS Domain Policy?

From: "clarv02" <clarv02@xxxxxxxxx>
Date: 17 Jan 2007 17:03:01 -0800

I've read quite a few threads that are somewhat related to this, but
didn't seem to find exactly what I'm looking for. Since there seem to
be two different places that I can set password policies, I need to
know which one to use. It does seem a bit confusing - the fact that
there are two different policies for passwords. Coming from a non-SBS
environment (until about 7 months ago), I would always put passwords
policies ONLY in the Default Domain Policy, so I'm looking at this
other one and not sure what to do.

Our password policy was working for quite a while, then I realized
recently that we are no longer being prompted to change our passwords.
I'm the only one that does anything with our GPOs and I have not made
any changes recently regarding passwords. It's been many months since I
set our password policy, so my memory of the exact steps is a little
foggy. I do remember that I tried running the wizard to set the
policies and when I was finished, it didn't look right. I don't
remember though if that was because the Default Domain Policy was
unchanged or what. But somehow I got it working. And right now, the
password policy settings are only in the Default Domain Policy, not the
SBS Domain Password Policy.

So I'm trying to figure out how to do it properly on SBS so I can get
this working again.

Thanks!

.

Follow-Ups:
- Re: Which GPO should have password policies enabled - Default Domain Policy or SBS Domain Policy?
  - From: Justin Brown - SYNACS

Prev by Date: Re: Move SBS 2K3 to new hardware
Next by Date: Re: Move SBS 2K3 to new hardware
Previous by thread: Move SBS 2K3 to new hardware
Next by thread: Re: Which GPO should have password policies enabled - Default Domain Policy or SBS Domain Policy?
Index(es):
- Date
- Thread

Relevant Pages

Re: First time Defining Password Policy
... The password policy will only have affect WHEN the password is changed (or ... > ie users wont come in the day after I enable the policies and when logging ... Also communicate the password must be changed ... >> * Configure the complexity requirements without a max age ...
(microsoft.public.windows.server.active_directory)
Re: password policy by organizational unit
... and created accounts and set thepolicyin the OU to 10 characters. ... If you need to define two different policies to ... users have the strict policy of minimum length and change every 40 ... I can't speak for the other products, but with Password Policy ...
(microsoft.public.windows.group_policy)
Re: Where to set the domain password policy up?
... Account Policies applied to Domain Controllers apply to all accounts stored on domain controllers - that is, to all domain accounts in that domain! ... I'd say apply at the domain level still - to have consistent policy for domain accounts in the domain as well as for local accounts on all computers in that domain. ... > Is it better to set a domain password policy up at the domain node level ...
(microsoft.public.windows.server.active_directory)
Re: Which GPO should have password policies enabled - Default Domain P
... computer settings in the GPO for a password policy i want to implement. ... GPO is named Password Policy and i did this yesterday but i still dont' see ... there are two different policies for passwords. ... policies ONLY in the Default Domain Policy, ...
(microsoft.public.windows.server.sbs)
Re: password complexity
... can help support the removal of all Password Security Policies other then the ... >> have an NT4 BDC that appears to assign its old Password Policy, ... >>> they only apply to the local SAM of any computer objects within scope. ... >>> Paul Williams ...
(microsoft.public.windows.server.active_directory)