Password Policy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

My current password policy is
5 passwords remembered
0
0 days
0 characters
Disabled
Disabled

I modify these settings and then save them. When I go back into the policy
they default back to the policy above. What am I missing.
 
Where is the domain policy configured?

Nick Finco said:
Most likely your domain policy is overriding your setting changes.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm
Click to expand...
 
The administrator for the domain (I'm assuming) you're joined to configures
these settings in the active directory users and computers snapin. If you
aren't joined to a domain, what tool are you using to configure the
settings?

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm
 
I am on a domain. I go into the properties of the domain and go to the group
policy tab and edit the default domain policy. I made other changes in the
user configuration and the computer configurations and they are saved. For
some reason when I modify the password policy they default back to their
original settings.
 
JT said:
I am on a domain. I go into the properties of the domain and go to the group
policy tab and edit the default domain policy. I made other changes in the
user configuration and the computer configurations and they are saved. For
some reason when I modify the password policy they default back to their
original settings.
Click to expand...

Try modifying the password policies in the default domain *controlller* policy to
see what happens.
 
Nothing is defined in the "Default domain controllers Policy" Where does it
store this information. Is it possible to force the change in the registry?
JT
 
I don't know if this helps, but it does save them for a little while. The
settings will replicate to all the DC's. I can immediately go into the
policy from any DC and it will show my changes. I come back 30 minutes later
and everything has changed back to those default settings.
JT
 
Do you have a higher precidence domain level GPO that would override the
default domain GPO? If so, does that contain the policy settings you are
seeing overriding your default domain GPO's settings?

Is there only 1 DC or multiple DCs? Do you have some form of administrative
tool for group policies that could be setting the settings back? Also, if
there is a script or application changing your policy via "net.exe use",
those changes will be filtered back into your default domain GPO.

Ultimately, if you currently don't have a higher precidence domain level GPO
with these settings defined, the easiest solution will be to create one and
use that to set your password policy settings. That way whatever is
modifying your default domain policy ultimately won't affect your policy
since those settings will be overridden by whatever you put in the higher
priority domain level GPO.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm
 
I'll try that.
Thanks for your help.
JT.

Nick Finco said:
Do you have a higher precidence domain level GPO that would override the
default domain GPO? If so, does that contain the policy settings you are
seeing overriding your default domain GPO's settings?

Is there only 1 DC or multiple DCs? Do you have some form of administrative
tool for group policies that could be setting the settings back? Also, if
there is a script or application changing your policy via "net.exe use",
those changes will be filtered back into your default domain GPO.

Ultimately, if you currently don't have a higher precidence domain level GPO
with these settings defined, the easiest solution will be to create one and
use that to set your password policy settings. That way whatever is
modifying your default domain policy ultimately won't affect your policy
since those settings will be overridden by whatever you put in the higher
priority domain level GPO.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm
Click to expand...
 
Back
Top