Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Complexity Requirements - disable

Status
Not open for further replies.
Rich9911

Rich9911

MIS
Oct 20, 2004
16
US

Aloha everyone,

I've recently upgraded to a new server and have installed 2003 standard edition. While my original upgrade was from a 2k server, all the policies moved over.

Now with a clean install (decided to manually enter all users and GP's again for this small office) i'm having an issue of enforcing the "Passwords Must Meet Complexity Requirements" policy. This policy is disabled in the group policy editor;

Default Domain Controllers Policy
Default Domain Policy
Office Staff Policy

All three have been changed to "disabled", I have pushed the policy out, restarted the server and client machines. and nothing.

When I force the user to change their password on next log on, it requires the numbers, symbols, letter options... complexity requirements.

Any chance I'm missing a policy?

 
Sort by date Sort by votes
The only place that will actually count is ont he Default Domain Policy.

More than likely even though you rebooted the policy did not update ont he machines yet. Try forcing an update.

On Windows 2000 run the following at a command prompt:
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

On Windows XP it is just one command: gpupdate /force

Reboot and try your test again.


I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
When you say upgraded I take it that you mean upgraded the domain from 2000 to 2003. The policy setting will have been migrated.

Agree with Mark about only needed to be set on the Default Domain Poicy. Make sure that this poilcy is placed at the root of you domain so that all ou's get the policy applyed. You can use the commands from Mark on a few PC's to test as the will take a long time to get around all systems.

The default policy refresh rate is 90 minutes or a reboot would be better. send a mail to your users asking them to either restart when possible or to make sure all PC's are shutdown at close of business then when they login the poicy will be in place. remember this only take affect when the user changes their password.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MCSLOY
  • Locked
  • Question
Windows Server 2012 Failover Clustering hardware requirements
Replies
0
Views
45
MCSLOY
MCSLOY
Bilberry
  • Locked
  • Question
Disable address bar from internet explorer 8
Replies
1
Views
62
58sniper
58sniper
damienenglish
  • Locked
  • Question
Auto Disable Users in OU via Group Policy
Replies
4
Views
273
damienenglish
damienenglish
Magzy
  • Locked
  • Question
Disable bitmap caching - Terminal Services
Replies
1
Views
308
ShackDaddy
ShackDaddy
mmcc
  • Locked
  • Question
Server 2003: DNS disable recursion?
Replies
1
Views
62
technome
technome

Part and Inventory Search

Sponsor

Back
Top