Group policy-information stored


Boris Kocar

Hello

Does anybody know where the policy information is stored, like maximum
password age and password must meet complexity rule?

And does anybody know how to disable password complexity with a DOS command?
Because I tried it in Control Panel->Administrative Tools->Domain Security
Policy

and it doesn't want to store the information.

thanks
 
Change those settings in Domain Security Policy OR at the top level GPO for the
domain container if you have more than one GPO in the domain as shown in Active
Directory Users and Computers. Highlight the domain and select properties/Group
Policy to see the GPO's for the domain. You will find the settings in computer
configuration/security settings/account policies ... The domain level is the only
place account policies can be configured for domain accounts. Complex password
setting must not be undefined - set it to disabled if you want to disable it. Also
make sure that "block inheritance" is not enabled on the domain controller container
when you make changes to password policy. Gpresult [possibly with the /v switch] can
help track down policy problems and it will also show the last time a policy was
applied. --- Steve
 
Thanks for your answer, but it didn't help me.

If I run net accounts /domain I get this output:

Force user logoff how long after time expires?: 0
Minimum password age (days): 2
Maximum password age (days): 999
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: PRIMARY
The command completed successfully.

And I disabled all this in domain policy.

Do you have any other idea?
 
How many domains do you have?

--
Derek Melber
BrainCore.Net
(e-mail address removed)
 
It might help if you can post your computer configuration gpresult from a domain
controller. I would also run netdiag and dcdiag on your domain controller where you
configured the policy and look for any failed tests that may prove pertinent. Dcdiag
and netdiag are on the install CD in the support/tools folder where you need to run
the setup program. Below is an example of gpresult output for computer configuration.
Domain account/password policy may not apply to local machine accounts for domain
machines. --- Steve

###############################################################
Last time Group Policy was applied: Tuesday, March 16, 2004 at 5:55:49 PM
Group Policy was applied from: server1-2000.umbach1.com
===============================================================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Default Domain Policy
Default Domain Controllers Policy
===============================================================
The computer received "Scripts" settings from these GPOs:
Local Group Policy
===============================================================
The computer received "Security" settings from these GPOs:
Local Group Policy
Domain Main 1
Default Domain Policy
Default Domain Controllers Policy
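
Added example, not part of the original thread: the net accounts /domain output posted earlier, parsed in Python and compared with the values the administrator meant to set, so the settings that have not taken effect stand out. The INTENDED values are a hypothetical reading of "disabled all this"; note that net accounts does not report the password complexity setting at all, so that one has to be checked through the GPO itself.

```python
import re

# Constructed sample: the `net accounts /domain` output quoted in the thread.
SAMPLE = """\
Force user logoff how long after time expires?: 0
Minimum password age (days): 2
Maximum password age (days): 999
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: PRIMARY
The command completed successfully.
"""

# Words net accounts prints instead of a number; treated here as 0 (not enforced).
UNSET = {"none", "never", "unlimited"}

def parse_net_accounts(text):
    """Return {setting label: int or str} from `net accounts` output."""
    policy = {}
    for line in text.splitlines():
        # The label can contain '?' and ':', so split on the last ': '.
        label, sep, value = line.rpartition(": ")
        if not sep:
            continue  # status line such as "The command completed successfully."
        label = re.sub(r"\s*\(.*?\)$", "", label.strip())  # drop "(days)" units
        value = value.strip()
        if value.lower() in UNSET:
            policy[label] = 0
        elif value.isdigit():
            policy[label] = int(value)
        else:
            policy[label] = value  # e.g. Computer role: PRIMARY
    return policy

def drift(observed, intended):
    """List (setting, intended, observed) for every value that differs."""
    return [(k, want, observed.get(k)) for k, want in intended.items()
            if observed.get(k) != want]

# Hypothetical intended values: what an admin who "disabled all this" expects.
INTENDED = {"Minimum password age": 0, "Minimum password length": 0,
            "Length of password history maintained": 0, "Lockout threshold": 0}

if __name__ == "__main__":
    for name, want, got in drift(parse_net_accounts(SAMPLE), INTENDED):
        print(f"{name}: intended {want}, domain reports {got}")
```

Any setting this reports is one where the domain still holds the old value, which points back at the GPO link, inheritance and gpresult checks suggested in the replies.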
