Edited Domain Default Group Policy is not being enforced, still using original policies.

Discussion in 'Windows Server' started by Roger Linhart, Dec 29, 2005.

  1. OK, so I finally have to put my money where my mouth is. I installed AD on a reasonably new Windows Server 2003 Standard. This is a small business with less than 15 users. The server will be providing File and Print services as well as Remote Desktop for administration and for the President of the company to have remote access. The first thing I noticed was a horrific amount of nonsense about user account passwords. I edited the Default Domain Group Policy. After confirming the changes had been set I'm still forced to have a complicated password. I'll admit this is the first time I've really had to make this work rather than just talking about it. If someone can point me in the right direction I would really appreciate it. Thanks!

    Roger Linhart
    User Services Manager
    Southern Oregon University
    1250 Siskiyou Boulevard
    CS 122
    Ashland, OR 97520
    (541) 552-8544
     
    Roger Linhart, Dec 29, 2005
    #1

  2. Start-Manage Your Server-Manage users and computers in Active Directory. From here I right-click the domain and choose properties. In the domain properties window I click the Group Policy tab. Under Group Policy Object Links I select the Default Domain Policy then click the Edit button. In the Group Policy Object Editor window I browse to Computer Configuration-Windows Settings-Security Settings-Account Policies-Password Policy. I've changed the Enforce password history = 0, Maximum password age = 90 days, Minimum password age = 1 days, Minimum Password length = 6 characters, Password must meet complexity requirements = Disabled, Store passwords using reversible encryption = Disabled.

    I also did a GPRESULT and can see under COMPUTER SETTINGS-Applied Group Policy Objects has: Default Domain Controllers Policy, Default Domain Policy and local Group Policy listed.

    Strange, now that I test it, the group policy does seem to be in effect. I didn't think I needed to wait for replication when this is a single server network and also the domain controller. Unless someone wants to explain why it didn't work when I first edited the policy, even after restarting the server, I would be glad to listen. Otherwise this is a case closed. ::grin::

    Roger Linhart
    User Services Manager
    Southern Oregon University
    1250 Siskiyou Boulevard
    CS 122
    Ashland, OR 97520
    (541) 552-8544

    Hi Roger,

    Can you be specific what you set in the policy -- to try and disable the complex passwords? That is about the only way we can help you out.

    --
    Mike
    Microsoft MVP - Windows Security
    Roger Linhart, Jan 4, 2006
    #2
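
Added example, not part of the thread or any poster's code: one way to confirm whether the edited password policy is actually the effective one is to compare an export of the server's security settings against the values listed in post #2. It assumes the settings were exported to an INF file with `secedit /export /cfg <file> /areas SECURITYPOLICY` (a tool the thread does not mention); the sample export below is constructed, and the function names are hypothetical.

```python
import configparser

# Values the post says were set in the Default Domain Policy, keyed by the
# names used in the [System Access] section of a security-template INF.
INTENDED = {
    "PasswordHistorySize": 0,      # Enforce password history
    "MaximumPasswordAge": 90,      # days
    "MinimumPasswordAge": 1,       # days
    "MinimumPasswordLength": 6,    # characters
    "PasswordComplexity": 0,       # 0 = Disabled
    "ClearTextPassword": 0,        # reversible encryption, 0 = Disabled
}

# Constructed sample: an export taken while the old settings still apply.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_system_access(inf_text):
    """Return the integer settings found in the [System Access] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str                  # keep key case as exported
    parser.read_string(inf_text.lstrip("\ufeff"))
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    values = {}
    for key, raw in parser.items("System Access"):
        raw = raw.strip()
        if raw.lstrip("-").isdigit():         # skip non-numeric entries
            values[key] = int(raw)
    return values

def find_drift(effective, intended=INTENDED):
    """Map each mismatched setting to (intended, effective or None)."""
    return {k: (want, effective.get(k))
            for k, want in intended.items() if effective.get(k) != want}

if __name__ == "__main__":
    # For a real file (typically UTF-16): open(path, encoding="utf-16").read()
    for name, (want, got) in find_drift(parse_system_access(SAMPLE_EXPORT)).items():
        print(f"{name}: intended {want}, effective {got}")
```

An empty result means the exported settings match what was entered in the policy editor; any remaining entry shows which setting has not yet been applied.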
