[gptalk] Re: Difficulty applying policies

  • From: "Greg" <gwerner@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2008 19:56:15 -0500

Is this a fresh domain/forest?  Remember that without third party software, you 
can only have one password policy within the domain.  What settings did you 
apply in the security settings?  Also keep in mind you cannot use the user's 
name in the password.
  ----- Original Message ----- 
  From: Paul Manley 
  To: gptalk@xxxxxxxxxxxxx 
  Sent: Friday, January 11, 2008 7:37 PM
  Subject: [gptalk] Difficulty applying policies


  Simplified Scenario:  Executives can't remember their difficult passwords.  
So we are going to let them use smaller non-complex passwords.

  Let us assume that this morning I set up Active Directory on a Windows 2003 
server with SP1, but no other updates and created a few users. 
  I've installed the Group Policy Management snap-in and created a new Group 
Policy Object ( under the Group Policy Objects folder of our domain ) called 
"Exec Password Policy".
  I've set the [Computer Configuration]->[Windows Settings]->[Security 
Settings]->[Account Policies]->[Password Policies] to be less restrictive in 
"Exec Password Policy". 
  I create a new Organizational Unit called "Executives" and place the users in 
there.
  Now I "Link an Existing GPO..." on my "Executives" OU selecting the 
"Executive Password Policy". 

  I try to reset one of the Executives' passwords, but I am not allowed:
  "Windows cannot complete the password change for Fred Executive because:  The 
password does not meet the password policy requirements.  Check the minimum 
password length, password complexity and password history requirements." 

  Those are exactly what I have just turned off.  Perhaps you could point out 
the error of my configuration.  I have set up a VM domain this morning to do 
testing.

   - Paul - 
