Howdy Martin!

Martin B. wrote:
> I am setting up a Windows Server 2003 network and I removed the default
> domain password policy from the Default Domain Policy (set it to Not
> Defined). I created a new OU (Offices) for all my offices and within that OU
> a different OU for each office (e.g. Vancouver, Calgary,...). I created a new
> policy (Offices Group Policy) at the newly created Offices' OU and configured
> my password requirements (e.g. Minimum Password Lenght=8 characters) at that
> level but it does not work, when creating a new user in one of the city OU
> (e.g. Vancouver) I can use a 4 characters password without an error message.
> What am I doing wrong?

You can only configure ONE Password Policy per domain (by default in
windows - some third party application might enable you to define
more...). That only one Password Policy must be linked to the domain
root in order to work. Every other "Password Policy" (for example linked
to an OU) would trigger the local computer accounts.

I suggest you re-enable your Password Policy on domain level and make
your changes - you can have your eyes open for some third party
application...

cheers,

Florian
--
Nachwuschsadmin aus dem Süddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.
blog: http://www.frickelsoft.net/blog.

I created a new
>> policy (Offices Group Policy) at the newly created Offices' OU and
>> configured my password requirements

Account policies applied at the OU level only work when you log in locally
instead of logging into the domain.

hth
DDS
"Florian Frommherz" <(E-Mail Removed)> wrote in message
news:elusf4$lna$03$(E-Mail Removed)...
> Howdy Martin!
>
> Martin B. wrote:
>> I am setting up a Windows Server 2003 network and I removed the default
>> domain password policy from the Default Domain Policy (set it to Not
>> Defined). I created a new OU (Offices) for all my offices and within that
>> OU a different OU for each office (e.g. Vancouver, Calgary,...). I
>> created a new policy (Offices Group Policy) at the newly created Offices'
>> OU and configured my password requirements (e.g. Minimum Password
>> Lenght=8 characters) at that level but it does not work, when creating a
>> new user in one of the city OU (e.g. Vancouver) I can use a 4 characters
>> password without an error message. What am I doing wrong?
>
> You can only configure ONE Password Policy per domain (by default in
> windows - some third party application might enable you to define
> more...). That only one Password Policy must be linked to the domain root
> in order to work. Every other "Password Policy" (for example linked to an
> OU) would trigger the local computer accounts.
>
> I suggest you re-enable your Password Policy on domain level and make your
> changes - you can have your eyes open for some third party application...
>
> cheers,
>
> Florian
> --
> Nachwuschsadmin aus dem Süddeutschen/Germany.
> eMail: Vorname [bei] frickelsoft [Punkt] net.
> blog: http://www.frickelsoft.net/blog.

They only are applied to accounts created in the local SAM database of those
machines that received the GPO.
--
Kurt Roggen
http://blogontheweb.com/roggenk


"Danny Sanders" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I created a new
>>> policy (Offices Group Policy) at the newly created Offices' OU and
>>> configured my password requirements
>
> Account policies applied at the OU level only work when you log in locally
> instead of logging into the domain.
>
> hth
> DDS
> "Florian Frommherz" <(E-Mail Removed)> wrote in
> message news:elusf4$lna$03$(E-Mail Removed)...
>> Howdy Martin!
>>
>> Martin B. wrote:
>>> I am setting up a Windows Server 2003 network and I removed the default
>>> domain password policy from the Default Domain Policy (set it to Not
>>> Defined). I created a new OU (Offices) for all my offices and within
>>> that OU a different OU for each office (e.g. Vancouver, Calgary,...). I
>>> created a new policy (Offices Group Policy) at the newly created
>>> Offices' OU and configured my password requirements (e.g. Minimum
>>> Password Lenght=8 characters) at that level but it does not work, when
>>> creating a new user in one of the city OU (e.g. Vancouver) I can use a 4
>>> characters password without an error message. What am I doing wrong?
>>
>> You can only configure ONE Password Policy per domain (by default in
>> windows - some third party application might enable you to define
>> more...). That only one Password Policy must be linked to the domain root
>> in order to work. Every other "Password Policy" (for example linked to an
>> OU) would trigger the local computer accounts.
>>
>> I suggest you re-enable your Password Policy on domain level and make
>> your changes - you can have your eyes open for some third party
>> application...
>>
>> cheers,
>>
>> Florian
>> --
>> Nachwuschsadmin aus dem Süddeutschen/Germany.
>> eMail: Vorname [bei] frickelsoft [Punkt] net.
>> blog: http://www.frickelsoft.net/blog.
>
>