Is this a fresh domain/forest? Remember that without third party software, you can only have one password policy within the domain. What settings did you apply in the securtiy settings? Also keep in mind you cannot use the users name in the password. ----- Original Message ----- From: Paul Manley To: gptalk@xxxxxxxxxxxxx Sent: Friday, January 11, 2008 7:37 PM Subject: [gptalk] Difficulty applying policies Simplified Scenario: Executives can't remember their difficult passwords. So we are going to let them use smaller non-complex passwords. Let us assume that this morning I setup Active Directory on a Windows 2003 server with SP1, but no other updates and created a few users. I've installed the Group Policy Management snap-in and created a new Group Policy Object ( under the Group Policy Objects folder of our domain ) called "Exec Password Policy". I've set the [Computer Configuration]->[Windows Settings]->[Security Settings]->[Account Policies]->[Password Policies] to be less restrictive in "Exec Password Policy". I create a new Organizational Unit called "Executives" and place the users in there. Now I "Link an Existing GPO..." on my "Executives" OU selecting the "Executive Password Policy". I try to reset one of the Executives passwords, but I am not allowed: "Windows cannot complete the password change for Fred Executive because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements." Those are exactly what I have just turned off. Perhaps you could point out the error of my configuration. I have setup a VM domain this morning to do testing. - Paul -