October 6, 2008 06:50pm pdt

1. KCTS 904,494
2. LauraEHu... 557,181
3. Chris-Dent 485,156
4. tigermatt 421,888
5. Jay_Jay70 274,188
6. oBdA 259,067
7. ChiefIT 171,792
8. henjoh09 164,854
9. toniur 153,822
10. ryansoto 142,524
11. martin_b... 132,353
12. Netman66 129,939
13. RobSamp... 121,234
14. leew 117,902
15. dariusg 112,685
16. Sembee 100,203
17. RobWill 98,845
18. Paka 97,780
19. TechSoEasy 95,125
20. mattee76 91,380
21. PlaceboC6 90,504
22. slam69 88,415
23. Pber 86,097
24. merowinger 82,736
25. Shift-3 77,650

1. KCTS 1,677,567
2. LauraEHu... 1,211,166
3. Chris-Dent 707,754
4. Jay_Jay70 639,011
5. oBdA 523,521
6. tigermatt 516,819
7. toniur 464,960
8. Sembee 395,282
9. Netman66 367,797
10. leew 265,453
11. TechSoEasy 226,880
12. ChiefIT 216,842
13. Pber 206,160
14. kamalgopi 184,746
15. RobSamp... 183,034
16. aissim 173,210
17. henjoh09 164,854
18. strongline 161,115
19. My_User... 158,383
20. farhankazi 153,550
21. ryansoto 150,524
22. Shift-3 141,407
23. martin_b... 132,353
24. sirbounty 131,453
25. RobWill 131,265

04.23.2008 at 08:23AM PDT, ID: 23346953

	[x] Attachment Details

GP Default domain policy not applying to users

Asked by BerryGardens in Active Directory, Windows 2003 Server, Microsoft Applications

Tags: Microsoft, Active Directory, 2003, Password Policy Domain

I have changed the default domain policy but it has not applied.

I have amended the default domain policy and enforced to authenticated users - when I test it still meets the old settings on some and changes on others but not applying. For example I can still change the password meeting the old requirements.

I have done rsop.msc and security settings reporting correctly (on some)

Attached is a client gpo.txt for example.

Old Policy:
2 passwords remembered
Max 120 days
Min 0 days
4 characters
complexity - disabled
disabled

New policy:
5 passwords remembered
Max 60 days
Min 0 days
6 Characters
complexity - Enabled
disabled

ANY HELP - 500 points - thanks

@@@@@@@@@@@@@@@@@@@@@@@@@@@GP RESULT@@@@@@@@@@

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 23/04/2008 at 16:18:48

RSOP results for domain\user1 on LAPTOP1 : Logging Mode
-------------------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: domain
Domain Type: Windows 2000
Site Name: sitename
Roaming Profile:
Local Profile: C:\Documents and Settings\user
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=LTFOG-809,OU=Laptop,OU=Computers,OU=Five Oak Green,OU=Sites,OU=Berry Gardens,DC=kgfruits,DC=local
Last time Group Policy was applied: 23/04/2008 at 15:49:23
Group Policy was applied from: kgfax.kgfruits.local
Group Policy slow link threshold: 64 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
LTFOG-809$
Domain Computers

Resultant Set Of Policies for Computer:
----------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A

GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 2

GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 30

GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 30

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 4

GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 5

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 120

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

Event Log Settings
------------------
GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 0
Log Name: Application

GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 0
Log Name: System

GPO: Default Domain Policy
Policy: RetentionDays
Computer Setting: 0
Log Name: Security

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: disabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Microsoft\Windows\CurrentVersion\Policies\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
State: disabled

GPO: Default Domain Policy
Setting: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled

USER SETTINGS
--------------
CN=Lizzy Bowen,OU=Users,OU=Five Oak Green,OU=Sites,OU=Berry Gardens,DC=kgfruits,DC=local
Last time Group Policy was applied: 23/04/2008 at 15:50:17
Group Policy was applied from: <domain>
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
UK Login Script

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Disabled (GPO)

Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
SophosUser
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
All Staff

Resultant Set Of Policies for User:
------------------------------------

Software Installations
----------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: UK Login Script
Setting: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
State: Enabled

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Start Free Trial

Keywords: GP Default domain policy not applying t…

	Title
1	How to delete SCE GP from AD
2	Windows 2003 GP User Password …
3	Parasing a GPS String in C#
4	deploying an Msi file through Group poli…
5	What is the most accurate (distance…
6	GPS

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

GP Default domain policy not applying to users

Asked by BerryGardens in Active Directory, Windows 2003 Server, Microsoft Applications

Tags: Microsoft, Active Directory, 2003, Password Policy Domain

About this solution