group policy

[Guest]

Hi

I configured password policy on domain group policy so it applies to everyone.
When I changed the "Lockout duration" to 15 min, the server took it and the
clients took the same value.

But when I tried to change it back to "Not defined", the server did not take
it and the client did not take it. It remains the same "15 min".

So I changed it again to 20 min, and the server took it but the clients
still had the same value "15 min".

I tried the same thing with different settings "Minimum password age,
maximum password age, etc"
Once I change it to some value, the server and clients take it, but if I
change it back to undefined. the server and clients still have the same
value. It never goes back to "undefined" again.

I also changed the "refresh interval" value for computer to 30 min and the
controller to 5min (we only have primary and backup ).

Please let me know what I should do

Thanks

 

[Steven L Umbach]

When you try to change a defined setting for password policy to undefined
the result is "no change" . You need to define exactly what you want for the
password policy settings. My guess is the setting has not propagated to the
domain computers yet. Try running secedit /refreshpolicy machine_policy
/enforce on them to speed it up or reboot them. The " net accounts " command
is a quick way to see the applied policy. --- Steve

 

[Guest]

Thanks Steve,

When you try to change a defined setting for password policy to undefined
the result is "no change" . You need to define exactly what you want for the
password policy settings. My guess is the setting has not propagated to the
domain computers yet. Try running secedit /refreshpolicy machine_policy
/enforce on them to speed it up or reboot them. The " net accounts " command
is a quick way to see the applied policy. --- Steve