[gptalk] Re: Difficulty applying policies

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sun, 13 Jan 2008 11:55:06 -0600

I highly recommend PPE also.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Greg
Sent: Saturday, January 12, 2008 6:56 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Difficulty applying policies


another product for you to consider....





        ----- Original Message ----- 

        From: mike kline <mailto:mkline@xxxxxxxxx>  

        To: gptalk@xxxxxxxxxxxxx 

        Sent: Friday, January 11, 2008 7:58 PM

        Subject: [gptalk] Re: Difficulty applying policies


        Password policies for domain accounts can't be set at the OU
level.  That policy is set at the domain level so your domain level
policy is still being used. 


        There are some third party tools that may help you out if you
want a different policy.    


        Windows 2008 will allow you to use fine-grained passwords so
Microsoft did listen that we wanted this feature.   More info on that




        On Jan 11, 2008 7:37 PM, Paul Manley <paul.manley@xxxxxxxxx>

        Simplified Scenario:  Executives can't remember their difficult
passwords.  So we are going to let them use smaller non-complex
        Let us assume that this morning I setup Active Directory on a
Windows 2003 server with SP1, but no other updates and created a few
        I've installed the Group Policy Management snap-in and created a
new Group Policy Object ( under the Group Policy Objects folder of our
domain ) called "Exec Password Policy". 
        I've set the [Computer Configuration]->[Windows
Settings]->[Security Settings]->[Account Policies]->[Password Policies]
to be less restrictive in "Exec Password Policy". 
        I create a new Organizational Unit called "Executives" and place
the users in there. 
        Now I "Link an Existing GPO..." on my "Executives" OU selecting
the "Executive Password Policy". 
        I try to reset one of the Executives passwords, but I am not
        "Windows cannot complete the password change for Fred Executive
because:  The password does not meet the password policy requirements.
Check the minimum password length, password complexity and password
history requirements." 
        Those are exactly what I have just turned off.  Perhaps you
could point out the error of my configuration.  I have setup a VM domain
this morning to do testing.
         - Paul - 


This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

Other related posts: