Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Domain password policy not applied

Permissions, Group Policy, IPSec, Virus, Spam, Spyware, Malware.
Post a reply

Domain password policy not applied

Postby guest » Fri Jul 20, 2012 3:53 pm

I have a problem with Domain password policy (Windows 2003 Server R2 SP2 Italian).

I've set "minimum password length" in "Default Domain Security Settings". This setting is correctly propagated to the "Default domain policy" in the "Group Policy Management", and it works fine on local user settings of Domain PC.

But this setting don't work on domain user settings, so I can set an empty password on domain users.

What can I do?
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9027
Joined: Mon Nov 27, 2006 1:10 pm
Top

Re: Domain password policy not applied

Postby guest » Fri Jul 20, 2012 3:53 pm

> If I now block the inheritance, the criteria continue to function correctly. Should not return to the situation of non-functioning?

this is because these settings are propagated to Domain Controllers OU and are remembered by it (even if policy is removed). This behavior by design. However if you will change some parameters in Domain Policy and policy inheritance is blocked, now new parameters will apply. Therefore this is strongly recomended to not block Account Policies inheritance to Domain Controllers OU.

> I also made another test that do not understand:
> I set the blocking of inheritance on the domain controller.
> I created a policy for password complexity and linked it to domain controllers, so I moved as first priority.
> In this configuration, the domain does not feel the new password policy.

this is as expected. Check the link that is provided by Joson. There you can read this:

Each domain can have only one Account policy. The Account policy must be defined in the Default Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy, which is enforced by the domain controllers in the domain. These domain-wide Account policy settings (Password Policy, Account Lockout Policy, and Kerberos Policy) are enforced by the domain controllers in the domain; therefore, domain controllers always retrieve the values of these Account policy settings from the Default Domain Policy Group Policy object (GPO).
--------------------------------------------------------------------------------
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9027
Joined: Mon Nov 27, 2006 1:10 pm
Top
Post a reply

Return to Security

Your Ad Here

Who is online

Users browsing this forum: No registered users and 3 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group