GPO Password Policy is applied but not working

  • Thread starter Thread starter gabriel.kruger
  • Start date Start date
G

gabriel.kruger

I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.

When I use rros I see that the policy has been applied to the machine.
I also see in local security policies on the machines that the policy
has been set. Unfortunately the policy does not seem to be working.
It seems that the old local security setting is what is being used.
Anyone have a suggestion? It would really be appreciated!!!



Gabriel
 
Howdy Gabriel!

I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.
Click to expand...

You need to link the password policy GPO to the domain level in order to
get it working. A password policy on OU level will alter the local
password policy on the machines - not the ones on the domain.

cheers,

Florian
 
I am on a windows 2000 domain and have created a Password Policy GPO
specifying password length, complexity, etc. in a a separate OU
containing some of the machines in our domain. The gpo in enabled and
Authenticated users have the correct permission.

When I use rros I see that the policy has been applied to the machine.
I also see in local security policies on the machines that the policy
has been set. Unfortunately the policy does not seem to be working.
It seems that the old local security setting is what is being used.
Anyone have a suggestion? It would really be appreciated!!!



Gabriel
Click to expand...

I've been unable to get password policies working anywhere except in the
default domain policy. I tried specific password polices on each OU but I
get "empty" errors when I run the RSOP.
 
Tommy Tutone wrote:
Hi,
I've been unable to get password policies working anywhere except in
the default domain policy. I tried specific password polices on each
OU but I get "empty" errors when I run the RSOP.
Click to expand...

Works as designed.

Bye
Norbert
 
Hi,

Like mentioned it, this is by design.
There can be only a single password policy for each account database.
An Active Directory domain is considered a single account database.
Password policy settings for the domain must be defined in the root
container for the domain. You can use the default domain policy or
create a new GPO and link it to the domain level.

If you are a strong programmer you can try using Passfilt.dll to
customize your password policy.
There are also third party tools that you can use to achieve your
objective.

Password Filters
http://msdn.microsoft.com/library/d...y/en-us/secmgmt/security/password_filters.asp

Good luck
Password Policy done right
www.specopssoft.com
 
Back
Top