Password Restrictions

Preacher Man

I am having trouble getting a GPO that I created today to give me the
desired results. My server is a Win2K and the workstation is a WinXP. The
GPO I created defines some Account policies. The trouble I am having is
with the enforce password complexity rule. I run gpedit.msc on the XP
machine and it shows the correct GPO settings but when I go to the server
and force user to change password at next logon, it asks me to change but it
does not enforce the rules. Does anyone have any idea on this?

Thanks,
Preacher Man
 
Dmitry Korolyov [MVP]

If you want to enforce password restrictions for domain accounts, then you
should link the GPO at the domain level - or edit settings in "Default
Domain Policy" GPO.

Any password settings in the GPOs applied at the OU level will affect only
local accounts on the computers located under that OU.
 
Preacher Man

That's where I linked the policy. I created a policy at the domain level
and then for testing purposes, I changed the access list to only apply to my
PC and username.

 
Dmitry Korolyov [MVP]

This is not going to work. Domain controllers pick up password policy from
GPO linked at the domain level.

I assume you are trying to achieve different password policy requirements
for different domain users within the same domain. It is not possible in
current architecture.

--
Dmitry Korolyov
MVP: Windows Server - Directory Services


 
Jorge_de_Almeida_Pinto

Preacher Man said:
That's where I linked the policy. I created a policy at the domain level
and then for testing purposes, I changed the access list to only apply to my
PC and username.

Although account policies and password policies are for USERS, it is
the DCs that process and enforce the policies.

Cheers,
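
Since the replies above place enforcement on the domain controllers, one way to confirm what a DC actually enforces is to export its security policy there with `secedit /export /cfg <file>` and compare the `[System Access]` values with what the GPO was meant to set. This is an added example, not part of the original thread; the sample export, the `EXPECTED` baseline and the function names are constructed for illustration.

```python
import configparser

# Constructed sample of a security-policy export taken on a domain controller.
# Real exports are UTF-16 files: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 1
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical baseline the admin intended the domain-level GPO to deliver.
EXPECTED = {"PasswordComplexity": 1, "MinimumPasswordLength": 8}

def read_system_access(text):
    """Return the numeric [System Access] settings as a dict of ints."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the key names' original case
    parser.read_string(text)
    result = {}
    for key, value in parser.items("System Access"):
        value = value.strip().strip('"')
        if value.lstrip("-").isdigit():  # skip string settings such as account names
            result[key] = int(value)
    return result

def policy_gaps(text, expected=EXPECTED):
    """List (setting, effective, wanted) where the DC is weaker than intended."""
    effective = read_system_access(text)
    gaps = []
    for name, wanted in expected.items():
        have = effective.get(name)
        if have is None or have < wanted:
            gaps.append((name, have, wanted))
    return gaps

if __name__ == "__main__":
    for name, have, wanted in policy_gaps(SAMPLE_EXPORT):
        print(f"{name}: DC enforces {have}, GPO intends {wanted}")
```

An empty result means the DC has picked up the intended settings; any gap listed means the domain-level GPO is not being applied to the DC.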
 
