Stephen,
Take a look at the Default Domain Policy - specifically in the Computer
Configuration - Windows Setting - Security Setting - Accounts Policy -
Password Policy.
Enforce Password History - 10 passwords remembered
Minimum Password Length - 8 characters
Maximum Password Age - xx days
Minimum Password Age - xx days
Password must meet complexity - xxxxxxxx
Look at the all of the settings - is the "password must met complexity ..."
set to enabled?
Then take a look at the Domain Security Policy. It *should* be the same as
the settings from the Default Domain Policy. Just one little test - What
happens if you enter net accounts on a client system? What happens if you
enter net accounts on the DC? Is the output the same?
HTH,
Cary
Stephen said:
Well ... I am the sysadmin and I have checked the GPO and all looks fine.
It's the inconsistency I don't understand, if I can change it once then
not for the rest of the week why?
It works for some but not others? The policy is on the root of the domain
so there all getting the same one! I just don't see why its like that!