GPO Password Policy is applied but not working

G

gabriel.kruger

I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.

When I use rros I see that the policy has been applied to the machine.
I also see in local security policies on the machines that the policy
has been set. Unfortunately the policy does not seem to be working.
It seems that the old local security setting is what is being used.
Anyone have a suggestion? It would really be appreciated!!!



Gabriel
 
F

Florian Frommherz

Howdy Gabriel!

I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.
Click to expand...

You need to link the password policy GPO to the domain level in order to
get it working. A password policy on OU level will alter the local
password policy on the machines - not the ones on the domain.

cheers,

Florian
 
T

Tommy Tutone

I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.

When I use rros I see that the policy has been applied to the machine.
I also see in local security policies on the machines that the policy
has been set. Unfortunately the policy does not seem to be working.
It seems that the old local security setting is what is being used.
Anyone have a suggestion? It would really be appreciated!!!



Gabriel
Click to expand...

I've been unable to get password policies working anywhere except in the
default domain policy. I tried specific password polices on each OU but I
get "empty" errors when I run the RSOP.
 
N

Norbert Fehlauer [MVP]

Tommy Tutone wrote:
Hi,
I've been unable to get password policies working anywhere except in
the default domain policy. I tried specific password polices on each
OU but I get "empty" errors when I run the RSOP.
Click to expand...

Works as designed.

Bye
Norbert
 
H

Harj

Hi,

Like mentioned it, this is by design.
There can be only a single password policy for each account database.
An Active Directory domain is considered a single account database.
Password policy settings for the domain must be defined in the root
container for the domain. You can use the default domain policy or
create a new GPO and link it to the domain level.

If you are a strong programmer you can try using Passfilt.dll to
customize your password policy.
There are also third party tools that you can use to achieve your
objective.

Password Filters
http://msdn.microsoft.com/library/d...y/en-us/secmgmt/security/password_filters.asp

Good luck
Password Policy done right
www.specopssoft.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

local security policy does not get applied 2
Group Policy Not Being Applied?? 11
GPO for user not applied 9
GPO not applying 1
New GPO are failing 4
GPO not being applied 2
Password Policy 4
Password policy not enforced 1

Top