Need Password Policy Help

J

James Hutchins

My Environment:
Windows 2000 Active Directory (SP4)Servers & Windows XP
(SP1) Workstations.
I have an Active Directory Policy setup for the entire
domain to force the users to change their password every
56 days.
Policy Setting are as follows:
Enfore password history = 10 passwords remembered
Maximum password age = 56 days
Minimum password age = 0 days
Minimum password length = 6 characters
Password must meet complexity requirements = Disabled
Store password using reversible encryption for all users
in the domain = Disabled.

My problem:
Once the user starts getting the warning that their
password expires after x days, and they change their
password, then the next day when they login then they get
the same message and have to change it again. This goes
on and on until they call our IT department and have an
admin to manually reset their password. I have noticed
that if the user waits till the last day, where x=1 then
when they change their password then it keeps it.

Any suggestions?
Thanks
 
M

Mark Dormer

Try setting minimum password age to a non 0 value. Does that change the
behaviour?

Try posting in the server groups for more chance of an answer.
eg. microsoft.public.win2000.group_policy

Regards
Mark Dormer
 
B

Bobby McMillan [MSFT]

James,

How many domain controllers are in your domain? Have you take a look to
see if replication is working as expected?


This posting is provided "AS IS" with no warranties, and confers no rights.
 
J

James Hutchins

Thanks for the responses.

Not all users have this problem. It seems to be sporadic
across our domain as far as locations go, but typically
with the same users at these locations.

The password policy is set at the domain level also.

I have 13 DCs in our Domain, 3 at our main site and the
others a remote locations. We have had calls that users
at the main site, as well as users off-site have
encountered this problem.

I have run DCDIAG and NETDIAG on all the domain
controllers and everything checks out OK.

I think the KB article that Steven, from the
microsoft.public.win2000.group_policy newsgroup, told me
to try may resolve my problem. The everyone security
setting was not there and we did migrate all the users
using the active directory migration tool.
http://support.microsoft.com/default.aspx?scid=kb;en-
us;258788

I will just need to wait until one of the problem users
password changes.

Thanks Again.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password Policy not working properly 2
Security Settings for Password Policy and User properties 6
Windows XP password expiration warning does not appear reliably 5
Cannot Set Password Policy 3
Password Change 1
Windows 2003 Password 2
Password expiration notice for remote users 3
Do my account policies really work ? 4

Top