[windows2000] Re: GPO problem
- From: "Puetz, Christoph" <christoph.puetz@xxxxxxxxxxx>
- To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
- Date: Tue, 25 May 2004 12:26:10 -0600
Thanks. I just got beaten with my head onto the same thing from another
source. Dummy me. I completely spaced this out.
Thanks for pointing that out anyway. It saves me more headaches. ;-)
Christoph
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Tuesday, May 25, 2004 12:12 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: GPO problem
Ah... I see the problem.
Password policies may only be set at the Domain level, and they apply to the
entire domain.
One of the "reasons" that Microsoft lists for creating a new domain (instead
of a new OU inside a domain) is if you need different password policies.
Sorry, but d'ems the breaks...
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Puetz, Christoph
Posted At: Tuesday, May 25, 2004 2:10 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: GPO problem
Subject: [windows2000] Re: GPO problem
No, we're still at W2K here - XP and W2K pro clients.
Here's is what I did now:
New OU - I blocked inheritance. Then applied a new GPO with password
specific settings (Password length = 12, maximum age, minimum age, etc.).
The default domain policy had 8 characters for the password length but now
got changed to non-defined.
I moved a user and a machine into that new, clean OU and logon. The user
receives the 8 character password requirement from the default domain GPO
but all the other settings from the new GPO.
A GPResult shows only the new GPO and the local GPO applied - not the
default domain GPO though. The local GPO has never been modified and is
clean.
Christoph
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Tuesday, May 25, 2004 11:57 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: GPO problem
Any Win2k3 DC servers, or WinXP workstations?
If so, try running GPResult (on Win2k3) or use the Group Policy Management
Console to generate a RSOP (resultant set of Policies) report and see where
the settings are coming from...
HTH,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Puetz, Christoph
Posted At: Tuesday, May 25, 2004 9:50 AM
Posted To: Windows 2000
Conversation: [windows2000] GPO problem
Subject: [windows2000] GPO problem
We're dealing with a really weird GPO problem. The password policy got
changed in the default domain GPO. This was not supposed to happen and the
changes have been reversed due to problems with some clients and 3rd party
software.
However - even with forcing replication and forcing gpupdate on the clients,
numerous reboots - the settings still apply to the clients.
Any idea what is holding on to the wrong GPO settings and how that can be
cleared out?
Windows 2000 AD Domain - mixed mode.
Christoph
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Other related posts:
