Overiding the default password age 42 days

  • Thread starter Thread starter Kevin Henry
  • Start date Start date
K

Kevin Henry

I created and _thought_ I deployed a new password policy
that requires a 7 char, complexity enabled, 90 day
password for the Domain. I've checked on all DC's and a
lot of the clients (Windows XP SP1) they state that the
policy _IS_ what I wanted however at 42 days, users are
required to change their passwords. Using the W2K3
ResKit tool "LockOutStatus.exe" I can see that Password
max age is still 42 days. What type of things should I
be checking to see why I'm not getting the desired
response?

Thank you for your time,
Kevin Henry
 
Kevin, which policy did you use to set these values? I
seem to remeber that these values can only be set in the
default domain policy which is applied to the root of the
tree by default. You can set the values in any policy,
but only the values from the default policy are active.
 
Kevin,

Just make sure your password policy is linked to the domain and is listed
above the default domain policy in the list, then your account settings will
be taken from your new policy

Regards,
 
Back
Top