Password Policy Tweaked out

[Sean]

I have W2K domain with the following settings on my
domain OU:

Enforce Pass History=0
Max Pass Age=0
Min Pass Age=0
Min Pass Length=4
Pass must meet complexity requirments=disabled
store pass using revs Encrypt=disabled

If what I've learned is correct, the Domain OU is the
only OU that can set these Policies. Why is it then that
when I try to reset someones password or even create a
new domain user I get "Windows cannot complete the
password change for %username% because: blah blah blah."
I set the policies above to be "Not Defined" and i still
get this. I have also checked all of my Group Policy
Objects and none of them have the password policy set.

 

[Matjaz Ladava [MVP]]

Yes. Only policies at the domain level can control password policy. Not
Defined does not clear security policy (they remain the same), you must
dissable it.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

 

[Sean]

As you can see currently I have them set at:0=disabled on Max and Min Age

I still cannot reset passwords to a 4 character password
it needs to have a special charcater and be at least 8
long. Is there another place that this is set like maybe
in the registry?

 

[Sean]

It was a stupid checkbox!

http://support.microsoft.com/default.aspx?scid=kb;en-
us;269236&Product=win2000

 

[Sean]

This issue can occur in either of the following
scenarios:
The Block Policy Inheritance option is enabled on the
Domain Controllers organizational unit.

-or-
The password policy is not set in the Default Domain
policy.

 

[Matjaz Ladava [MVP]]

Glad you found it Sean. I was banging my head thinking what else could be
the cause

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com