[gptalk] Re: Difficulty applying policies

  • From: "Greg" <gwerner@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2008 19:56:15 -0500

Is this a fresh domain/forest?  Remember that without third party software, you 
can only have one password policy within the domain.  What settings did you 
apply in the securtiy settings?  Also keep in mind you cannot use the users 
name in the password.
  ----- Original Message ----- 
  From: Paul Manley 
  To: gptalk@xxxxxxxxxxxxx 
  Sent: Friday, January 11, 2008 7:37 PM
  Subject: [gptalk] Difficulty applying policies

  Simplified Scenario:  Executives can't remember their difficult passwords.  
So we are going to let them use smaller non-complex passwords.

  Let us assume that this morning I setup Active Directory on a Windows 2003 
server with SP1, but no other updates and created a few users. 
  I've installed the Group Policy Management snap-in and created a new Group 
Policy Object ( under the Group Policy Objects folder of our domain ) called 
"Exec Password Policy".
  I've set the [Computer Configuration]->[Windows Settings]->[Security 
Settings]->[Account Policies]->[Password Policies] to be less restrictive in 
"Exec Password Policy". 
  I create a new Organizational Unit called "Executives" and place the users in 
  Now I "Link an Existing GPO..." on my "Executives" OU selecting the 
"Executive Password Policy". 

  I try to reset one of the Executives passwords, but I am not allowed:
  "Windows cannot complete the password change for Fred Executive because:  The 
password does not meet the password policy requirements.  Check the minimum 
password length, password complexity and password history requirements." 

  Those are exactly what I have just turned off.  Perhaps you could point out 
the error of my configuration.  I have setup a VM domain this morning to do 

   - Paul - 

Other related posts: