Changes to Domain Policy not enforced



I have changed the password policies in our default domain controllers
policy but the changes are not being enforced. We are also using group
policies on the organizational units but the password polices are all
disabled on these. I've tried gpupdate, logging off/on, rebooting, etc. Any

p.s. Block Policy inheritance is not enabled in Domain Controllers

Judith Herman \(MSFT\)

Password policies need to be applied at the domain level. Setting a
password policy at an OU level will only affect the passwords for the local
accounts. Because domain controllers do not have local accounts as servers
and workstations do, account policies that are defined in the default domain
controller's organizational unit have no effect.

See the following KB articles:
How to configure account policies in Active Directory -
Domain Security Policy in Windows 2000 -

Judith Herman
Microsoft Corporation
Server User Assistance - Group Policy
This posting is provided "AS IS" with no warranties, and confers no rights.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question