dd021197
asked on
Active Directory and Group Policy's .....
Hope someone can help :-)
I have setup Active Directory on a Windows 200 Advanced server box, and I have Windows 2000 Professional installed on another box. Under Active Directory I have added an Organisation Unit, called test. Under this, I have added the client computer account and have added a sample user. When I add a new policy at the test OU level to force the user to have a password of greater that say 7 chars, and setup the user to change password at next login. (I do this under the computer section of the policy) When the client logs in as the sample user they are prompted to choose a password, but any length is allowed!! Why is this??? If I change any of the policy entried to do with the user, say Hide all Desktop icons, it works okay!!!
It's confusing me - anyone any ideas???
I have setup Active Directory on a Windows 200 Advanced server box, and I have Windows 2000 Professional installed on another box. Under Active Directory I have added an Organisation Unit, called test. Under this, I have added the client computer account and have added a sample user. When I add a new policy at the test OU level to force the user to have a password of greater that say 7 chars, and setup the user to change password at next login. (I do this under the computer section of the policy) When the client logs in as the sample user they are prompted to choose a password, but any length is allowed!! Why is this??? If I change any of the policy entried to do with the user, say Hide all Desktop icons, it works okay!!!
It's confusing me - anyone any ideas???
take a look at some of thses - especially the troubleshooting...
From: snirh Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Step by Step Guide to Managing the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp
"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
and
Wayne's Windows NT Administration Tips
http://is-it-true.org/nt/nt2000/atips/index.shtml
Windows 2000 Support TOols"
http://is-it-true.org/nt/nt2000/atips/atips57.shtml
-----------------------
I hope this helps !
From: snirh Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
Windows 2000 Group Policy White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Step by Step Guide to Managing the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp
"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp
and
Wayne's Windows NT Administration Tips
http://is-it-true.org/nt/nt2000/atips/index.shtml
Windows 2000 Support TOols"
http://is-it-true.org/nt/nt2000/atips/atips57.shtml
-----------------------
I hope this helps !
-What about setting "no override" on the policy ?
-You should also issue a secedit /refreshpolicy userpolicy & machinepolicy from the station before you try it again.
-You should also issue a secedit /refreshpolicy userpolicy & machinepolicy from the station before you try it again.
ALso
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=19703
A Group Policy Modeling Tool
FAZAM 2000 RFV helps you determine which Group Policies are in effect ,
the effective policy.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=19703
A Group Policy Modeling Tool
FAZAM 2000 RFV helps you determine which Group Policies are in effect ,
the effective policy.
If, on the local machine, you open a Local Machine Policy management console, it will display the settings which are effectively used beneatch the settings of the local machine. IMO useful to find out what's going on.
ASKER
Thanks for the responses. I will look into these, I think am am following the way it's supposed to be done.
Essentially what I am asking is how do you set the minimum password lenght to 10 characters, for a an OU of users?
Surely someone must have done this, if so how?
Essentially what I am asking is how do you set the minimum password lenght to 10 characters, for a an OU of users?
Surely someone must have done this, if so how?
You can't...Password restrictions are on a domain basis NOT an OU basis. I don't know why MS did it that way but that is one of the reasons they give for needing different domains.
Yeah rcasteel is right. different password policy requires a different domain in the forest. There is another option though. With no password policy in the domain & a local policy that is imported to the OU computers through a login script with an imported security config file.
-Type secedit on a win2k machine & search for the proceedure with keywords.... export .. import.
-Type secedit on a win2k machine & search for the proceedure with keywords.... export .. import.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How to you set it up at domain level then? Through the default domain policy??
ASKER
I have worked it out - I'm just setting it at domain level - thanks for your help.
Not sure who to give the points to :-)
Not sure who to give the points to :-)
You gave the points to the right person. Good point about which accounts it will affect rcastle... I would have to try it & may soon.
Password policies are set at the local machine level OR the domain level. The effective policy would depend on where the user logs on.