Password policies need to be applied at the domain level. Setting a
password policy at an OU level will only affect the passwords for the local
accounts. Because domain controllers do not have local accounts as servers
and workstations do, account policies that are defined in the default domain
controller's organizational unit have no effect.
See the following KB articles:
How to configure account policies in Active Directory -
http://support.microsoft.com/kb/255550/en-us
Domain Security Policy in Windows 2000 -
http://support.microsoft.com/kb/221930/
--
Judith Herman
Microsoft Corporation
Server User Assistance - Group Policy
======================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================
<Brian> wrote in message news:%(E-Mail Removed)...
>I have changed the password policies in our default domain controllers
>policy but the changes are not being enforced. We are also using group
>policies on the organizational units but the password polices are all
>disabled on these. I've tried gpupdate, logging off/on, rebooting, etc. Any
>ideas?
>
> p.s. Block Policy inheritance is not enabled in Domain Controllers
> Properties.
>
Similar Threads
