Thanks. I just got beaten with my head onto the same thing from another source. Dummy me. I completely spaced this out. Thanks for pointing that out anyway. It saves me more headaches. ;-) Christoph _____ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn Sent: Tuesday, May 25, 2004 12:12 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: GPO problem Ah... I see the problem. Password policies may only be set at the Domain level, and they apply to the entire domain. One of the "reasons" that Microsoft lists for creating a new domain (instead of a new OU inside a domain) is if you need different password policies. Sorry, but d'ems the breaks... Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. _____ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Puetz, Christoph Posted At: Tuesday, May 25, 2004 2:10 PM Posted To: Windows 2000 Conversation: [windows2000] Re: GPO problem Subject: [windows2000] Re: GPO problem No, we're still at W2K here - XP and W2K pro clients. Here's is what I did now: New OU - I blocked inheritance. Then applied a new GPO with password specific settings (Password length = 12, maximum age, minimum age, etc.). The default domain policy had 8 characters for the password length but now got changed to non-defined. I moved a user and a machine into that new, clean OU and logon. The user receives the 8 character password requirement from the default domain GPO but all the other settings from the new GPO. A GPResult shows only the new GPO and the local GPO applied - not the default domain GPO though. The local GPO has never been modified and is clean. Christoph _____ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn Sent: Tuesday, May 25, 2004 11:57 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: GPO problem Any Win2k3 DC servers, or WinXP workstations? If so, try running GPResult (on Win2k3) or use the Group Policy Management Console to generate a RSOP (resultant set of Policies) report and see where the settings are coming from... HTH, Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. _____ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Puetz, Christoph Posted At: Tuesday, May 25, 2004 9:50 AM Posted To: Windows 2000 Conversation: [windows2000] GPO problem Subject: [windows2000] GPO problem We're dealing with a really weird GPO problem. The password policy got changed in the default domain GPO. This was not supposed to happen and the changes have been reversed due to problems with some clients and 3rd party software. However - even with forcing replication and forcing gpupdate on the clients, numerous reboots - the settings still apply to the clients. Any idea what is holding on to the wrong GPO settings and how that can be cleared out? Windows 2000 AD Domain - mixed mode. Christoph ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________