G
Guest
I have a Domain Controller running Windows 2000 Server. The Domain container (root) has a GPO (Default Domian Policy) with password policies defined (complexity, history, length and age). Below the Domain container I have 3 OUs (Accounts, Domain Controllers and Groups). Only the Domain Controllers OU has it's own GPO (Default Domain Controllers Policy). This policy does not have any password policies defined.
Below the Accounts OU I have a child OU (EM Mailbox) that contains User accounts. I have one GPO set for this OU which does not have any password policies defined. I have selected the check box for "Block Policy Inheritance" under the Group Policy tab of the EM Mailbox properties.
I expected this to block the password policy settings from GPO on the Domain Container (root), but it has not worked. On the Domain Controller I have issued the following command after selecting the Block Policy Inheritance check box:
secedit /refreshpolicy machine_policy /enforce
I also restarted the Domain Controller after issueing the secedit command above.
I am still unable to create a new user account in the EM Mailbox OU without being subject to the password policies set in the GPO associated with the Domain Container (root). I need to be able to create the new user account using a password that does not meet all the password requirements set in the Domain Container's GPO.
Does anyone have any suggestions?
Thanks in advance!!
Below the Accounts OU I have a child OU (EM Mailbox) that contains User accounts. I have one GPO set for this OU which does not have any password policies defined. I have selected the check box for "Block Policy Inheritance" under the Group Policy tab of the EM Mailbox properties.
I expected this to block the password policy settings from GPO on the Domain Container (root), but it has not worked. On the Domain Controller I have issued the following command after selecting the Block Policy Inheritance check box:
secedit /refreshpolicy machine_policy /enforce
I also restarted the Domain Controller after issueing the secedit command above.
I am still unable to create a new user account in the EM Mailbox OU without being subject to the password policies set in the GPO associated with the Domain Container (root). I need to be able to create the new user account using a password that does not meet all the password requirements set in the Domain Container's GPO.
Does anyone have any suggestions?
Thanks in advance!!