Password policy doesn't work

[Carlyle Smith]

I have applied password policies to my "Default Domain
Policy". They include a "Minimum Password Length" of 8
characters and complexity requirements.

When I test it by logging on to my workstation using a
domain test account, and change the password, it lets me
get away with "123". What could be blocking the proper
application of this policy?

Carlyle

Other Details
<> My domain controllers are using Win2k Server and my
workstation is WinXP
<> Before I tested it I forced site replication, used
SECEDIT to enforce the policy on the DC and then rebooted
my workstation.
<> GPRESULTS shows that the current version of
the "Default Domain Policy" is being applied to my
workstation.

 

[Ray Lava [MSFT]]

Carlyle,

From your description, it appears that you have set up your password policy
correctly. You might check on two things to make sure that the password
policy changes are being applied:

1. On the XP workstation, run gpedit.msc. This will open your local
computer policy. Check and see if your "minimum password length" is being
applied here. If it is not set to 8, then that policy is not being applied.

2. You mentioned that you ran a gpresult on the XP workstation, but did you
run it with a /v switch? The verbose switch will list each group policy
change so you can see if the password policy length was applied.

3. Rerun the gpupdate /force command on the xp client and then check the
application log on the XP client. If you see userenv or scecli errors, this
indicates that you are having some group policy problems.

4. If the steps listed above confirm that the group policy is not applying
properly, please take a look at this article for more information on
Troubleshooting Group Policy Application Problems:
http://support.microsoft.com/?id=250842

I hope this helps.

Ray Lava
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights