1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows Domain Password Policies

Discussion in 'Computer Security' started by mojorisin, Dec 6, 2006.

  1. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    Hi all

    I have setup password policies on my domain as the following

    Enforce Password History ......2passwords remembered
    Maximum password age .........30 Days
    Minimum password age ..........3 Days
    Minimum password lenght........6 characters
    Password must meet complexity requirements....Enabled

    The problem is when it is time to change the password or the user decides to change the password if the press return after entering there old passord on the change password screen it will accept a blank password as you have returned past it even though the password minimum lentgh is set

    Any ideas

    Sure i have seen this on a website before just can find it

    cheers
    mojo
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Can you confirm that the policy is being applied to the workstations?

    Try running a gpupdate /force on one of the PC's.

    :blink
     
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    I take it you have changed the default domain policy? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    My thoughts exactly. Password policies applied to OUs will be applied only to local users and groups (which you're not using in a domain)... not domain users and groups.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    The policy is being applied as users get prompted to change there passwords just the fact that they can enter a blank password


    Can you not apply the policy to individual OU's then ?

    Ok i have changed the the Domain Group Policy to reflect the settings in the original post

    forgot that was there and would override any settings i made lower down ..oops
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    No. Account-based settings must be applied to the default domain policy; otherwise, you'll be applying the policy to user accounts on the local computer, which are used in a workgroup or standalone PC, not in a domain.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!

Share This Page

Loading...