password complexity

  • Thread starter Thread starter Mike D
  • Start date Start date
M

Mike D

Hello,
I'm trying to set password complexity requirements in
AD I have set the following requirements, password lenth
6 characters, enforce password complexity, and maximum
password age 90 days. I ran these commands to refresh GP
secedit /refreshpolicy machine_policy /enforce, as well
as secedit /refreshpolicy user_policy /enforce just for
good measure. All authenticated users have read and
apply. (most users have passwords set for them and set
to not expire). However my test user that I'm using, I
select for him to have to change his password at next
logon which works. But I am able to set the password to
even just one character, so none of the settings I
applied to the default domain group policy aren't being
applied.. Does anyone have any ideas? Thanks

Mike
 
Hopefully the test user is a domain user. ;) Verify on your DCs that the
command "net accounts" shows the correct settings. If it doesn't, check
your application event log and see if policy is propagating correctly
(you'll see successful scecli events). If policy isn't propagating
properly, enable security policy logging
(http://support.microsoft.com/default.aspx?scid=kb;en-us;245422) and check
%windir%\security\logs\winlogon.log for errors. Of course, these are just
pointers to try to narrow down the problem.

N
 
I am having similiar problems :)

I have checked and Domain Policy is propragating properly but when running
the net accounts command the settigs are not what they are supposed to be.
They are the default settings, 42 days expiry etc.

If you can help, then it would be greatly appreciated.
 
I got it working shortly after posting, I still don't
really know what the problem was, I set all of these in
the default GPO which is the only GPO, I then set the GPO
to no override. Which I have no idea what it was being
overridden by, being it was the only policy in place.
Unless the local computer policy was overriding it, but
by design I don't think that's how it works, but it works
none the same although I have no idea why. Thanks for
the help.

-Mike D
 
Back
Top