Password Policy driving me mad!

Password Policy driving me mad!

Post by xanadumoo » Wed, 12 Feb 2003 21:19:50



Hello all,

I was experimenting with "Default Domain Policy" and I
have imported "securedc" policy to "Security Settings".
After that I've imported "basicdc" and while importing
I've checked the "Clear this database before importing"
option. Even though, the "Password Policy" is still acting
as "securedc",  not as "basicdc". It keeps me asking for
complex, minimum 8 character passwords while creating a
new user. This is driving me crazy, I haven't defined
any "Password Policy" options in "Default Domain
Policy", "Default Domain Controller Policy" or in my own
Group Policy for my users, so where the hell are these
password restrictions coming from?

Thanks in advance

 
 
 

Password Policy driving me mad!

Post by Kerry Hoski » Thu, 13 Feb 2003 04:24:43


A password policy can only be set in the default domain policy, so this is
the only place you need look. How many DC's have you got?  If you have more
than one then have you got any block inheritance or no override setting set
in your default domain controller policy? If so remove them.  I suffered
from a similar problem, and found the cause to be a no override setting on
my default domain controller OU.  Everytime I changed the password policy
settings in the default domain GP it changed itself back again!  This drove
me nuts for ages, until I found the cause was the no override setting on the
default domain controllers OU.  There is mention of this behaviour in a
knowledgebase article somewhere.

Kerry


Quote:> Hello all,

> I was experimenting with "Default Domain Policy" and I
> have imported "securedc" policy to "Security Settings".
> After that I've imported "basicdc" and while importing
> I've checked the "Clear this database before importing"
> option. Even though, the "Password Policy" is still acting
> as "securedc",  not as "basicdc". It keeps me asking for
> complex, minimum 8 character passwords while creating a
> new user. This is driving me crazy, I haven't defined
> any "Password Policy" options in "Default Domain
> Policy", "Default Domain Controller Policy" or in my own
> Group Policy for my users, so where the hell are these
> password restrictions coming from?

> Thanks in advance