Group Policy Object in Active Directory

[gbl]

My network has windows 2000 sp2 server and 20 windows 2000 pro clients. I've tried to set up the Group policy object for the domain so that account policies apply across the domain.
I've taken the following steps in Active Directory on the server:
(1) in AD right click on the domain name and select properties
(2) select the Group Policy tab then edit to create a new policy and then edit the same;
(3) Select Computer, Windows, Security, Account Policies
(4) Mske the account setting changes
They appear to be saved because the settings are changed when I go back into this area after exiting.
However, users can still logon to the domain with passwords that violate this policy even after the default waiting period.
These settings show up in "local security settings" under Administrative tools on each workstation, and in fact noone can logon locally with passwords shorter than my specified minimum length.
How do I get this to apply when users logon to the domain at their workstations?
Thanks for your help.

 

[mafioso1823]

On the client computers are you using the domain controller that has AD as your dns?

 

[gbl]

Yes. In fact there is only one server. It acts as our DNS server and primary WINS server.

 

[FilthPig]

If they already have the passwords, it will let them log in with them. If they attempt to change their password will it let them create another short password? Marc Creviere

 

[brontosaurus]

You say you created a new GPO for the domain...what did you do with the original? Did you leave it alone, or set all of the policies to NOT DEFINED? The original domain GPO comes out of the box with several pre-defined policies and you may be experiencing conflicts between the original and your new GPO if you left it "as is". Alternately, if you don't want to mess with it, you can change the order that these policies are processed with when a PC starts up, so your new GPO is processed last and takes precedence.