Password Policy wont take effect

  • Thread starter Thread starter Ryan DeMartini
  • Start date Start date
R

Ryan DeMartini

I set the password policy in the "domain policy" on the DC to be more strict
than the default.

requires at least 7 char
complex passwords
etc.

I allowed a whole day for the policy to propigate even though I don't think
its necessary to wait when changing the domain policy. However, it has had
no effect. The users can still set 6 char passwords and can still use
things like 123456. I checked in the group policy to see if there were
conflicting policys in place. there were none. either the GP said the same
thing as the domain policy or it said 'not defined'

any ideas?
 
When creating a new user on the DC can you use any password? What are the
refresh intervals for your group policy?
 
Cheers for the help,

GP refresh is set to the default 90 +- 30 and yes, i can create a user with
the password 123456

-alex
 
Ryan DeMartini said:
I set the password policy in the "domain policy" on the DC to be more strict
than the default.

requires at least 7 char
complex passwords
etc.

I allowed a whole day for the policy to propigate even though I don't think
its necessary to wait when changing the domain policy. However, it has had
no effect. The users can still set 6 char passwords and can still use
things like 123456. I checked in the group policy to see if there were
conflicting policys in place. there were none. either the GP said the same
thing as the domain policy or it said 'not defined'

any ideas?
Click to expand...

When you say you changed it on the "DC"... do you mean the default domain
controller policy?

The password policy for a domain can only be defined in the default domain
policy, and cannot be overridden to allow for different policy settings
throughtout the domain.


Arild
 
So you mean if I create a new OU under my Domain, and
apply totally different Psswd. Policies, that it won't
work? At the top of the domain is the only spot that I
can setup Psswd. policies? I thought we weren't supposed
to mess around with the Default Domain Policy...What do I
do? Ryan, I'm glad there's someone else out there having
the same issue.
Steve
 
Here's my suggestion.

DO NOT mess with Default Domain Policy. Create a new policy and perform
yoru settings, but it MUST be at the DOMAIN LEVEL. Not at the OU level.
 
Back
Top