Windows Domain Password Policies

Discussion in 'Computer Security' started by mojorisin, Dec 6, 2006.

  1. mojorisin

    mojorisin Kilobyte Poster

    415
    17
    41
    Hi all

    I have setup password policies on my domain as the following

    Enforce Password History ......2passwords remembered
    Maximum password age .........30 Days
    Minimum password age ..........3 Days
    Minimum password lenght........6 characters
    Password must meet complexity requirements....Enabled

    The problem is when it is time to change the password or the user decides to change the password if the press return after entering there old passord on the change password screen it will accept a blank password as you have returned past it even though the password minimum lentgh is set

    Any ideas

    Sure i have seen this on a website before just can find it

    cheers
    mojo
     
    WIP: Microsoft 365 Identity and Services MD-100
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,205
    136
    199
    Can you confirm that the policy is being applied to the workstations?

    Try running a gpupdate /force on one of the PC's.

    :blink
     
  3. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    I take it you have changed the default domain policy? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  4. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    My thoughts exactly. Password policies applied to OUs will be applied only to local users and groups (which you're not using in a domain)... not domain users and groups.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. mojorisin

    mojorisin Kilobyte Poster

    415
    17
    41
    The policy is being applied as users get prompted to change there passwords just the fact that they can enter a blank password


    Can you not apply the policy to individual OU's then ?

    Ok i have changed the the Domain Group Policy to reflect the settings in the original post

    forgot that was there and would override any settings i made lower down ..oops
     
    WIP: Microsoft 365 Identity and Services MD-100
  6. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    No. Account-based settings must be applied to the default domain policy; otherwise, you'll be applying the policy to user accounts on the local computer, which are used in a workgroup or standalone PC, not in a domain.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.