Overiding the default password age 42 days

K

Kevin Henry

I created and _thought_ I deployed a new password policy
that requires a 7 char, complexity enabled, 90 day
password for the Domain. I've checked on all DC's and a
lot of the clients (Windows XP SP1) they state that the
policy _IS_ what I wanted however at 42 days, users are
required to change their passwords. Using the W2K3
ResKit tool "LockOutStatus.exe" I can see that Password
max age is still 42 days. What type of things should I
be checking to see why I'm not getting the desired
response?

Thank you for your time,
Kevin Henry
 
D

David

Kevin, which policy did you use to set these values? I
seem to remeber that these values can only be set in the
default domain policy which is applied to the root of the
tree by default. You can set the values in any policy,
but only the values from the default policy are active.
 
L

Lee Messenger

Kevin,

Just make sure your password policy is linked to the domain and is listed
above the default domain policy in the list, then your account settings will
be taken from your new policy

Regards,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Max Password Age not applying 5
Enable Password Policy question 1
Do my account policies really work ? 4
Domain policy on maximum password age not getting applied 2
Group Policy Not Being Applied?? 11
Password Change 2
Minimum Password Age 1
Password complexity policy not being enforced 20

Top