GPO Password Policy Problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

A GPO was created to require password complexity requirements. After
applying the GPO, the policy works. However, I'm not ready to implement it;
so, I decided to disable it. With the GPO already disabled, the AD still
demand the complexity requirement. When I go to AD Users and Computers and
reset password, it always asked for the complexity requirement. Any idea?
 
You can't just disable the GPO - you have to undo the policy setting.
Enable the GPO, and change the policy setting that requires password
complexity from enabled to disabled.

The next time this GPO is applied by the DCs they will change the attribute
that configures this option and the option will no longer be enforced. You
can then disable the GPO if you like, although most if it won't be applied
after it's applied originally.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

A GPO was created to require password complexity requirements. After
applying the GPO, the policy works. However, I'm not ready to implement it;
so, I decided to disable it. With the GPO already disabled, the AD still
demand the complexity requirement. When I go to AD Users and Computers and
reset password, it always asked for the complexity requirement. Any idea?
 
cjc said:
What event would cause GPO to be applied by the DCs?
Click to expand...

5 minute default refresh (for DCs*)
....or reboot
....or manual refresh with secedit (on Win2000)
....(or GPUpdate on Win2003/XP)


Also: *90 minute default on workstations

Such refreshes do not (typically) update software but
only perform Security and Registry settings.


[/QUOTE]
 
The catch with these kinds of security policies is that they leave a
fingerprint on the whole domain. You can't just take them out of scope and
expect them to go away. You need to create a policy that specifically
counteracts your previous settings and apply that to your domain.
 
Back
Top