Password settings in Policy

[JH24]

We are testing a new policy in a OU with some test users.
If we make changes to policy they take effect straight away, however the changes do not take effect with the password settings.

Secedit /refreshpolicy machine_policy /enforce

Has been run but the setting still have not taken effect.

All other policys are fine.

Any ideas??

 

[jcneil1]

I think I recall that password policy settings are only effective on GPO's attached to the domain (top of the tree). DC will ignore password policy's attached to OU's.

 

[mawilson]

Password policies are only have an effect on the entire domain. Any account policies you make on an OU will not have any effect. I went through the same thing a while back.

 

[JH24]

Thanks
That is a real pain.
If i click on the block policy inheritence on the OU's will that stop the domain password policy change from taking effect on the users in the OU??

I just want to be able to test this without it taking effect on 400 users tomorrow morning.

Thanks
James

 

[mawilson]

I don't think it will work. I do know that the main thing you would have to worry about the next day is the password age. If users currently have passwords that don't meet the length, complexity, etc. requirements they will still work until the expiration time comes up. Then it will force them to use any requirements you have set up.