S
Stephen Chapman
A GPO query for Windows 2000 AD, XP & 2000 workstations.
I have a default domain GPO defining "Passwords must meet complexity
requirements", and several other settings with No Overrride set. This
is to update local policy settings on domain workstations. I have a
small collection of PCs that should not have password complexity set -
I thought that the way to acheive this would be to apply a Deny to the
Default Domain GPO with a group I added the computers to, and create a
second copy GPO which contained all settings except password
complexity requirements and only permission this to the computer group
..... so far so good ...
The problem I have in the lab is that the updates dont appear to be
working. If I reset the policy on the DC, and then run gpupdate /force
and then gpresult /z I dont see the updates on the workstations.
I have disabled slow link detection and tried removing and adding a
workstation back to the domain - even renaming / adding new GPOs but
the machine seems to stick with the policy its domwnloaded even an
hour ago - if I rename the GPO, gpresult still shows the old name an
hour later. I've enven rebooted the DC & the workstation, but I seem
to get unpredicable results.
Does anyone have any suggestions or a link to a good doc on GPOs.
Thanks in Advance
I have a default domain GPO defining "Passwords must meet complexity
requirements", and several other settings with No Overrride set. This
is to update local policy settings on domain workstations. I have a
small collection of PCs that should not have password complexity set -
I thought that the way to acheive this would be to apply a Deny to the
Default Domain GPO with a group I added the computers to, and create a
second copy GPO which contained all settings except password
complexity requirements and only permission this to the computer group
..... so far so good ...
The problem I have in the lab is that the updates dont appear to be
working. If I reset the policy on the DC, and then run gpupdate /force
and then gpresult /z I dont see the updates on the workstations.
I have disabled slow link detection and tried removing and adding a
workstation back to the domain - even renaming / adding new GPOs but
the machine seems to stick with the policy its domwnloaded even an
hour ago - if I rename the GPO, gpresult still shows the old name an
hour later. I've enven rebooted the DC & the workstation, but I seem
to get unpredicable results.
Does anyone have any suggestions or a link to a good doc on GPOs.
Thanks in Advance