Domain policy on maximum password age not getting applied




I am remediating few Win2K servers for compliance and seeing this issue
wherein the "Maximum Password age" for accounts is is shown as 42 days
(effective) while on domain its 30 which should be on this server as
well.Local is set to 30 but that wont help since effective is 42.I tried
following things but still not resolved

- Rejoined server to domain
- Imported policies from a compliant server
- secedit /refreshpolicy machine_policy /enforce & secedit /refreshpolicy
user_policy /enforce

Please suggest

Thanks, NK



Meinolf Weber

Hello NK,

The password policy is set on domain level, if i understand you right?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.



G Johansson

Sounds like that since if you put it on a OU it will affect the policy for
the local users on computers and not domain users...

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question