Password Policy

[dsluther]

I set up a default domain controller password policy which
forces a password change every one day (for testing),
allows user to change password immediately, password
history of 3 and a minimum character length of 5.
Included in the default domain controller policy was
disable CTL ALT DEL key. I implemented the policy and set
specific user accounts for password expires. The users
were prompted to change there password but were able to
change it to less than 5 characters and were able to
change it back to there original password immediately.
Also, the CTL ALT DEL keys did not come up as expected but
did after the password change took effect. It has
remained that way and users have not been prompted to
change there passwords anymore. It seems that only part
of the policy worked one time only. What's going on? Any
help is appreciated.

 

[Miha Pihler]

Hi,

don't apply your policy to to "default domain controller" this will only
effect computers (and users) that are in Domain Controllers OU. Apply your
policy to "default domain policy".

Mike

 

[Steven L Umbach]

To start with password/account policy for domain users can only be configured at the
domain level which would be the Domain Security Policy be default. So first try to
configure everything at that level to see if it helps. Make sure that you do not have
"block inheritance" set on your domain controllers container while you are
configuring domain account policy or changes may not take effect. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;255550