C
Chad
Has anyone had luck at setting up a password policy? We
cannot seem to get it to work. Advise???
cannot seem to get it to work. Advise???
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
T
Tim Hines [MSFT]
At what level are you setting your password policy? Have you verified that
group policies are being processed on the DCs? The following article may
help.
269236 Changes Are Not Applied When You Change the Password Policy
http://support.microsoft.com/?id=269236
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
group policies are being processed on the DCs? The following article may
help.
269236 Changes Are Not Applied When You Change the Password Policy
http://support.microsoft.com/?id=269236
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
H
Herb Martin
Has anyone had luck at setting up a password policy? We
Well, sure. Since this just works, we probably don't
understand what problems you experience or what environment
you are using, e.g.,
Domain (Group Policy) or Single Machine?
Group Policy can only do this from AD at the DOMAIN
(e.g., NOT the OU or Site level).
Client types?
cannot seem to get it to work. Advise???
Well, sure. Since this just works, we probably don't
understand what problems you experience or what environment
you are using, e.g.,
Domain (Group Policy) or Single Machine?
Group Policy can only do this from AD at the DOMAIN
(e.g., NOT the OU or Site level).
Client types?
C
Chad Weatherford
Well, we were trying out the OU level. So that answers
that. From what I have learned, we can create a child
domain for testing purposes...so I guess we will start
there.
As to your questions:Mixed 2000 and NT environment. Is
there anyway to make the GPO work with the NT boxes?
Thanks for the post!
Chad
that. From what I have learned, we can create a child
domain for testing purposes...so I guess we will start
there.
As to your questions:Mixed 2000 and NT environment. Is
there anyway to make the GPO work with the NT boxes?
Thanks for the post!
Chad
D
Dave Shaw [MVP]
Set the domain security policy on the "Domain Controller" OU. DCs enforce
domain policy. Users logging into the domain will have that policy
enforced. Users logging on with local machine accounts will have local
policy enforced on them.
-ds
domain policy. Users logging into the domain will have that policy
enforced. Users logging on with local machine accounts will have local
policy enforced on them.
-ds
H
Herb Martin
Well, we were trying out the OU level. So that answers
No, but the password policy is usually directed at the DOMAIN
controllers anyway -- if you want to control similar stuff on
NT workstations (like settings for local accounts) use the older
System Policies. [System Policies aren't as much fun or as useful
but they can be made to work if you are persistent.]
Even the (misnamed) "Active Directory Client Update" for NT or
9x -- aka DSClient -- won't do it. It really just makes the multi-master
and site aware.
Ok, it does give them some LDAP functionality but it doesn't make
them Active Directory clients for normal (built-in stuff) nor does it
help them with Group Policies (GPOs are part of AD) nor the
associated automatic software deployment.
that. From what I have learned, we can create a child
domain for testing purposes...so I guess we will start
there.
As to your questions:Mixed 2000 and NT environment. Is
there anyway to make the GPO work with the NT boxes?
No, but the password policy is usually directed at the DOMAIN
controllers anyway -- if you want to control similar stuff on
NT workstations (like settings for local accounts) use the older
System Policies. [System Policies aren't as much fun or as useful
but they can be made to work if you are persistent.]
Even the (misnamed) "Active Directory Client Update" for NT or
9x -- aka DSClient -- won't do it. It really just makes the multi-master
and site aware.
Ok, it does give them some LDAP functionality but it doesn't make
them Active Directory clients for normal (built-in stuff) nor does it
help them with Group Policies (GPOs are part of AD) nor the
associated automatic software deployment.
H
Herb Martin
Set the domain security policy on the "Domain Controller" OU. DCs enforce
Are you certain?
I haven't tried this because it is documented as not working --
supposedly the "Securty\Account Policies" (i.e., Password,
Lockout, and Kerberos) are ONLY effective if set at Domain
level.
Please confirm or explain....
domain policy. Users logging into the domain will have that policy
enforced. Users logging on with local machine accounts will have local
policy enforced on them.
Are you certain?
I haven't tried this because it is documented as not working --
supposedly the "Securty\Account Policies" (i.e., Password,
Lockout, and Kerberos) are ONLY effective if set at Domain
level.
Please confirm or explain....