passwords

[jtovar]

I'm trying to stablish a password policy and I have a question, if I set the user policy under domain security policy and the user account options are set to:

USER CANNOT CHANGE PASSORD
PASSWORD NEVER EXPIRES

Does that mean that i need to remove those marks before the policy take effect or do the password policy takes priority?

 

[packdragon]

The policy would apply to future password changes. Existing passwords would stay the same until you try to change it.

 

[jtovar]

Thank you for your response I do have another question tho
I changed the password policy under the Domain security policy snap-in but next day when i go back is gone is set to 0 again, I'm doing someting wrong?

my network is a domain with 3 controlers all running w2k server i made the changes on the primary ndomain controler any helpfull ideas?
Thank you very much

Jose

 

[packdragon]

A few questions to make sure there were no mistakes:

1. You're looking at the same Domain policy as before? There is also a Domain Controller policy snap-in, which configures the GPO for domain controllers but looks an awful like the one for the entire domain. Then there's also the local security policy to get mixed up with.

2. You're looking at it from the same machine? If it's from a different domain controller, it's possible the policy hasn't propogated yet, though I think the default is supposed to be 20 minutes.

Not sure what else to look at...

 

[Seaspray0]

Good answer, packdragon. jtovar, if you want to see the results of your policy change, you can wait till they are reapplied (one of the policy settings) or you can force them to apply with a command prompt command:

secedit /refreshpolicy machine_policy
secedit /refreshpolicy user_policy

 

[jtovar]

OK this is where I'm changing and checking for changes as you can see is set back to 0 I checked it this morning so it is well over 12 hours.

http://www.joselucy.com/work/password.jpg

thanks
Jose

 

[packdragon]

You've got me baffled! I compared it to my password policy editing page and it looks just like that, except the policies are defined. My only suggestion is to try it again, if you haven't already. Then use Seaspray's method to propogate the policy to another machine, then try it out. Maybe it was a one-time quirk? Who knows...

 

[jtovar]

Ok, i'm getting ready to kick the ##%$#%$#@ out of this network, Just kidding, I tried both of your sugestions and still resets to 0 I didn't setup this network and the person who did was not a Network administrator so, password rules were never setup. any ideas on what would be missing or not running that can cause this?

 

[packdragon]

Just wondering, are any of your other policy settings being saved? Is it just the password stuff that isn't saving?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-

http://www.solien.com

 

[howardjch]

Go to Administrative Tools. If you're on a workstation or member/standalone server, select "Local Security Policy"; on a Domain Controller, you'll want to change the Domain policy first, so select "Domain Security Policy"

Once you change whatever settings you want, right-click the Security Settings icon in the left side of the panel, and select 'reload.' That loads the changes into the registry. Without that last step, nothing took place.

I hope I'm not stating what you've already done, but I learned this myself just recently.
Cheers//JC

 

[packdragon]

I found this article related to password policies not being applied:

http://support.microsoft.com/default.aspx?scid=kb;en-us;269236

If howardjch's suggestion doesn't work, check out the article. If that doesn't help either, try searching support.microsoft.com for "password policy" and see if any of those articles applies to you.

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-

http://www.solien.com