Password Complexity GPO not working.

Status
Not open for further replies.

uplinx

IS-IT--Management
Oct 20, 2005
7
GB
We have our main server running Windows 2000 server. There are about 150 users in about 15 OUs which are children to one main OU.

I have tried to apply a new GPO to the main OU to increase password security with 24 remembered passwords, 42 day max password age, 1 day min password age, 7 character minimum password length and password complexity enabled.

The problem is that even when enabled, users can still change their password to something which does not meet the standard requirements, e.g. passwords changed with Ctrl+Alt+Del with 3 letters and no numbers will be accepted.

To test whether GPOs were being processed, I applied a simple "Disable Control Panel" rule and this worked perfectly.

Is there any reason why I cannot apply the password security GPOs but apply other GPOs without problem?

Thanks in advance ;-)
 
You need to change the default domain policy,
under Windows Settings | Security Settings | Account Policies | Password Policy

 
Yeah, I did that and it just didn't seem to apply. It doesn't warn when users break the password rules and I have no idea how to make them work :S
 
You definitely set the policy at the domain level in the Default Domain Policy?

How do you mean it doesn't warn when users break the password rules?
 
Looks like I've sorted it, misunderstood the reply. I was applying the password GP at OU level and of course it only works at Domain level.

This is now working, is there a way to make users exempt from this particular GP, such as the administrators?
 
You can set the admin password so it doesn't expire but it will have to meet the other requirements, or you could put it in the default users container so no policies affect that account.
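
An added example, not part of the thread: a Python check that compares the password settings in a `secedit /export /cfg` file against the values the original poster wanted, to confirm the domain-level policy actually took effect. It assumes the export was taken on a domain controller; the sample export is constructed and the function names are this example's own.

```python
import configparser

# Values the original poster wanted, keyed by the [System Access] names
# that `secedit /export /cfg <file>` writes.
INTENDED = {
    "PasswordHistorySize": 24,
    "MaximumPasswordAge": 42,
    "MinimumPasswordAge": 1,
    "MinimumPasswordLength": 7,
    "PasswordComplexity": 1,
}

# Constructed sample: an export where the password GPO was linked to an OU,
# so the domain-level settings never changed.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def decode_export(raw: bytes) -> str:
    """secedit usually writes UTF-16 with a BOM; fall back to UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def audit(export_text: str) -> dict:
    """Return {setting: (effective, intended)} for every mismatch."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the setting names case-sensitive
    parser.read_string(export_text)
    section = "System Access"
    effective = parser[section] if parser.has_section(section) else {}
    gaps = {}
    for name, wanted in INTENDED.items():
        raw = effective.get(name)
        is_int = raw is not None and raw.strip().lstrip("-").isdigit()
        got = int(raw) if is_int else None  # None: missing or unparsable
        if got != wanted:
            gaps[name] = (got, wanted)
    return gaps
```

An empty result from `audit()` means every setting matches; read a real export with `audit(decode_export(open(path, "rb").read()))`.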
 