Account Password Policy

Ok, I must be drunk, but something weird is going on with my Account password
policy. After I reset a users password and select that they have to change
it, it prompts them that the password needs to be 8 characters long, no
repeats of last 24 passwords and must be 0 days old. I dont have it setup
that way?? The only thing I have set up on password policy is 8 characters
long, so that works. I have complexity disabled so it knows that. I have
max password age to 0 which means never expires and min to 1 day.....this is
all held at the Domain level. Now I do have my Computers in their own OU
with a GP enabled but the policy is the same. Anyone know where to start
looking for issues?

 

From the gpmc run the Group Policy Results wizard and see what the Winning
GPO is. Refer to http://technet.microsoft.com/en-us/library/cc780305.aspx
for more detail.

Wayne McGlinn
Brisbane, Oz
MCNGP Silver

 

FYI: The password policy can only be set on the domain level in a domain
so only policies that are defined at this level will aply and the last
one that applies, wins.

 

But what if the OU blocks inheritance? Could that cause a problem?

 

Password Policy can't be blocked. The OU has absolutely not power over
Password Policy in any way, shape, or form.

 

So what if you remove the GPO from the domain level? Where does the domain
get its instructions from at that point?

 

<snip>

Then you have no policy defined for Password Policy.

 

Ok, I must be drunk,

wish i was.

Kline Sphere (Chalk) MCNGP #3