Password Policy

  • Thread starter Thread starter Chad
  • Start date Start date
C

Chad

Has anyone had luck at setting up a password policy? We
cannot seem to get it to work. Advise???
 
At what level are you setting your password policy? Have you verified that
group policies are being processed on the DCs? The following article may
help.
269236 Changes Are Not Applied When You Change the Password Policy
http://support.microsoft.com/?id=269236

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Has anyone had luck at setting up a password policy? We
cannot seem to get it to work. Advise???
Click to expand...

Well, sure. Since this just works, we probably don't
understand what problems you experience or what environment
you are using, e.g.,

Domain (Group Policy) or Single Machine?

Group Policy can only do this from AD at the DOMAIN
(e.g., NOT the OU or Site level).

Client types?
 
Well, we were trying out the OU level. So that answers
that. From what I have learned, we can create a child
domain for testing purposes...so I guess we will start
there.
As to your questions:Mixed 2000 and NT environment. Is
there anyway to make the GPO work with the NT boxes?

Thanks for the post!

Chad
 
Set the domain security policy on the "Domain Controller" OU. DCs enforce
domain policy. Users logging into the domain will have that policy
enforced. Users logging on with local machine accounts will have local
policy enforced on them.

-ds
 
Well, we were trying out the OU level. So that answers
that. From what I have learned, we can create a child
domain for testing purposes...so I guess we will start
there.
As to your questions:Mixed 2000 and NT environment. Is
there anyway to make the GPO work with the NT boxes?
Click to expand...

No, but the password policy is usually directed at the DOMAIN
controllers anyway -- if you want to control similar stuff on
NT workstations (like settings for local accounts) use the older
System Policies. [System Policies aren't as much fun or as useful
but they can be made to work if you are persistent.]

Even the (misnamed) "Active Directory Client Update" for NT or
9x -- aka DSClient -- won't do it. It really just makes the multi-master
and site aware.

Ok, it does give them some LDAP functionality but it doesn't make
them Active Directory clients for normal (built-in stuff) nor does it
help them with Group Policies (GPOs are part of AD) nor the
associated automatic software deployment.
 
Set the domain security policy on the "Domain Controller" OU. DCs enforce
domain policy. Users logging into the domain will have that policy
enforced. Users logging on with local machine accounts will have local
policy enforced on them.
Click to expand...

Are you certain?

I haven't tried this because it is documented as not working --
supposedly the "Securty\Account Policies" (i.e., Password,
Lockout, and Kerberos) are ONLY effective if set at Domain
level.

Please confirm or explain....
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD and Password policy question 12
Password Policy for Service Accounts 2
Excel Protection 2
default domain policy, password policy 2
Password Policy at a OU Level. 2
Problem with Password Policy 1
Expiration notification 4
Domain Password Policy 1

Back
Top