1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

password policy. so easy but!..

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by payam_2k3, Nov 27, 2009.

  1. payam_2k3

    payam_2k3 New Member

    7
    0
    6
    dear all.
    I have a big problem with pass policy.
    when you enable pass policy on an OU group policy object , the policy does not affect any thing , but when you enable it on DEFAULT DOMAIN POLICY group policy object , it works!!!
    I am so confused because I cheked it with NO OVERRIDE chek box but that does not work.

    in the tests and in theory , it must work but when you deploy it on an OU , it does not work!.

    realy I dont know.
    but i think that just the PASSWORD POLICY ( it contains : 1-pass must meet complix.2- max and min pass age.) must deploy on DEFAULT DOMAIN POLICY , "ONLY".

    and i think that the only way that it works is to deploy it on default domain , and not no an OU policy.

    what do u think ?
     
    Certifications: starting
  2. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Log in as a User whom the Password Policy is not being applied and run gpresult to see what is being enforced. Or you can always use Group Policy Modellig to see which GPO's are being applied.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. MLP

    MLP Kilobyte Poster

    305
    19
    42
    Hi

    Are you using Server 2003 or 2008? As far as I am aware, password policy can only be enforced using the Default Domain Policy in 2003. This has been changed in 2008, so that you can have different password requirements for different OU's.

    Maria
     
    Certifications: HND Computing
    WIP: 70-680, 70-270, 70-290
  4. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    If you are wanting to have a different password policy for different OU's it wont work, password policy has to be applied at the domain level, if you want different passwords for different OU's ten you need to creat multiple domains.

    Hope this helps

    Cheers
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  5. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Sorry MLP, didn't read your post properly, your correct with Server 2003, wasn't aware of the change in 2008 but it's good to know.
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  6. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    What Maria said basically. It's a new feature of 2K8. Your domain functional level will need to be running at 2K8 though for it to work.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Yup, fine-grained passwords are only availabe in Server 2008.

    http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx

    I think if you set the policy on a server 2003 GPO it will only enforce the policy on the local accounts in the computer objects in the OU.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    yep, stumbled across this one a while back and thought it was something perhaps left out. It was around the time non domain users were calling in because of being locked out of OWA. :twisted:
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. Rich165

    Rich165 Bit Poster

    30
    0
    24
    :thumbleft
     
    Certifications: MCSE, MCITP Server 08 & Exch07, CCNA, CCNA Sec
    WIP: ...everything else!!

Share This Page

Loading...