Password Policy Tweaked out

  • Thread starter Thread starter Sean
  • Start date Start date
S

Sean

I have W2K domain with the following settings on my
domain OU:

Enforce Pass History=0
Max Pass Age=0
Min Pass Age=0
Min Pass Length=4
Pass must meet complexity requirments=disabled
store pass using revs Encrypt=disabled

If what I've learned is correct, the Domain OU is the
only OU that can set these Policies. Why is it then that
when I try to reset someones password or even create a
new domain user I get "Windows cannot complete the
password change for %username% because: blah blah blah."
I set the policies above to be "Not Defined" and i still
get this. I have also checked all of my Group Policy
Objects and none of them have the password policy set.
 
Yes. Only policies at the domain level can control password policy. Not
Defined does not clear security policy (they remain the same), you must
dissable it.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
As you can see currently I have them set at:0=disabled on Max and Min Age

I still cannot reset passwords to a 4 character password
it needs to have a special charcater and be at least 8
long. Is there another place that this is set like maybe
in the registry?
 
This issue can occur in either of the following
scenarios:
The Block Policy Inheritance option is enabled on the
Domain Controllers organizational unit.

-or-
The password policy is not set in the Default Domain
policy.
 
Glad you found it Sean. I was banging my head thinking what else could be
the cause :-)

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
Back
Top