Password Policy Problems

[microsoft.public.exchange2000.general]

I have tried everyting suggested- my passwords are setup correctly in the
default domain policy,block inheritance is un-checked. Still, when I do net
accounts- it shows different settings (only a 30 day expire, 1 password
history) All of this is being done in the group policy attached to the
"computer" level- not the user level (doesn't seem to be anything there) or
the user.

The lockout settings are also incorrect. I set "enforce password complexity
rules" to active yesterday, no effect.

Where are the places net accounts could be getting it's information (other
than default domain policy)

This was the original post:

I setup password policy rules in active directory, on the
top level, which is inherited in sub-containers. I tell
it to limit to 4 charecters or more, expire every 30 days
and maintain a 3 password history. This is done in
the "Security" area of the "Computer" tab in the group
policy.

The system refuses to make my users do this, and they all
are setting blank passwords. Saem effect if I explicidly
set this on the sub-container (not relying on inheritance)

What else effects the password policy?

It does work on my admin users, but not any of the lesser
users...

 

[David Brandt [MSFT]]

You can check the local policy to see if you get the same info but probably
will (gpedit.msc).
Verify that the clients are actually getting any policies at all (lack of
good dns resolution is a common source of this) by running either "gpresult
/v" (resource kit utility and output can go to txt file) on the 2k machines
or RSOP on the XP clients. This will show you what policies are being
applied.
Sounds like you have the pw settings in the domain, not dc, policy (common
problem) and that the config is ok, but always a good idea for folks not to
start checking/un-checking boxes for inheritance/block/etc on policies
unless they really know what they're doing, but from your post it seems that
part is ok.
Also verify that replication between your dc's is working properly if you
have several, and that all dc's are showing the same settings you made on
the one.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.