Solved

Active Directory and Group Policy's .....

Posted on 2001-08-03
12
180 Views
Last Modified: 2010-04-13
Hope someone can help :-)

I have setup Active Directory on a Windows 200 Advanced server box, and I have Windows 2000 Professional installed on another box. Under Active Directory I have added an Organisation Unit, called test. Under this, I have added the client computer account and have added a sample user. When I add a new policy at the test OU level to force the user to have a password of greater that say 7 chars, and setup the user to change password at next login. (I do this under the computer section of the policy) When the client logs in as the sample user they are prompted to choose a password, but any length is allowed!! Why is this??? If I change any of the policy entried to do with the user, say Hide all Desktop icons, it works okay!!!

It's confusing me - anyone any ideas???
0
Comment
Question by:dd021197
  • 3
  • 3
  • 3
  • +2
12 Comments
 
LVL 3

Expert Comment

by:rcasteel
ID: 6349603
The portion of the registry that you modified applies to the local machine.  The account you are trying to log into is probably on the domain.  The only users that will be affected by the policy are users whos accounts are local to the server.

Password policies are set at the local machine level OR the domain level.  The effective policy would depend on where the user logs on.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6349629
take a look at some of thses - especially the troubleshooting...

From: snirh     Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
                 
  http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp

               and

               Wayne's Windows NT Administration Tips
               http://is-it-true.org/nt/nt2000/atips/index.shtml

Windows 2000 Support TOols"
               http://is-it-true.org/nt/nt2000/atips/atips57.shtml
-----------------------
I hope this helps !
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6349820
-What about setting "no override"  on the policy ?
-You should also issue a secedit /refreshpolicy userpolicy & machinepolicy from the station before you try it again.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6349942
ALso

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=19703

A Group Policy Modeling Tool
 FAZAM 2000 RFV helps you determine which Group Policies are in effect ,
the  effective policy.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6351207
If, on the local machine, you open a Local Machine Policy management console, it will display the settings which are effectively used beneatch the settings of the local machine. IMO useful to find out what's going on.
0
 
LVL 1

Author Comment

by:dd021197
ID: 6351218
Thanks for the responses. I will look into these, I think am am following the way it's supposed to be done.

Essentially what I am asking is how do you set the minimum password lenght to 10 characters, for a an OU of users?

Surely someone must have done this, if so how?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 3

Expert Comment

by:rcasteel
ID: 6352657
You can't...Password restrictions are on a domain basis NOT an OU basis.  I don't know why MS did it that way but that is one of the reasons they give for needing different domains.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6353497
Yeah rcasteel is right. different password policy requires a different domain in the forest. There is another option though. With no password policy in the domain & a local policy that is imported to the OU computers through a login script with an imported security config file.
-Type secedit on a win2k machine & search for the proceedure with keywords.... export .. import.

0
 
LVL 3

Accepted Solution

by:
rcasteel earned 200 total points
ID: 6354538
I am not sure about that Housenet.  It has been my experience that changing the security policy on the local policy effectively changes the local security policy on the machine.  This WILL work but it only works for local accounts NOT domain accounts.  

If this does work, I would like a step by step procedure posted so I can test it too.  I have found the security policy in Windows 2000 to be one of the few things that doesn't seem to fit properly into the whole active directory idea.  I would definately be interested in finding a way to control it easily and more grainurlarly than at the domain level.
0
 
LVL 1

Author Comment

by:dd021197
ID: 6354968
How to you set it up at domain level then? Through the default domain policy??
0
 
LVL 1

Author Comment

by:dd021197
ID: 6355673
I have worked it out - I'm just setting it at domain level - thanks for your help.

Not sure who to give the points to :-)
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6357754
You gave the points to the right person. Good point about which accounts it will affect rcastle... I would have to try it & may soon.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now