?
Solved

Active Directory and Group Policy's .....

Posted on 2001-08-03
12
Medium Priority
?
203 Views
Last Modified: 2010-04-13
Hope someone can help :-)

I have setup Active Directory on a Windows 200 Advanced server box, and I have Windows 2000 Professional installed on another box. Under Active Directory I have added an Organisation Unit, called test. Under this, I have added the client computer account and have added a sample user. When I add a new policy at the test OU level to force the user to have a password of greater that say 7 chars, and setup the user to change password at next login. (I do this under the computer section of the policy) When the client logs in as the sample user they are prompted to choose a password, but any length is allowed!! Why is this??? If I change any of the policy entried to do with the user, say Hide all Desktop icons, it works okay!!!

It's confusing me - anyone any ideas???
0
Comment
Question by:dd021197
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +2
12 Comments
 
LVL 3

Expert Comment

by:rcasteel
ID: 6349603
The portion of the registry that you modified applies to the local machine.  The account you are trying to log into is probably on the domain.  The only users that will be affected by the policy are users whos accounts are local to the server.

Password policies are set at the local machine level OR the domain level.  The effective policy would depend on where the user logs on.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6349629
take a look at some of thses - especially the troubleshooting...

From: snirh     Date: 03/28/2001 12:39AM PST Group policy planning with screen shots
                 
  http://www.microsoft.com/WINDOWS2000/library/planning/management/groupsteps.asp
                                   http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp

 Windows 2000 Group Policy White Paper
                                         http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp

Step by Step Guide to Managing the Group Policy Feature Set
                                         http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_zbgy.asp

"Troubleshooting Group Policy in Windows 2000"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/support/tshootgp.asp

               and

               Wayne's Windows NT Administration Tips
               http://is-it-true.org/nt/nt2000/atips/index.shtml

Windows 2000 Support TOols"
               http://is-it-true.org/nt/nt2000/atips/atips57.shtml
-----------------------
I hope this helps !
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6349820
-What about setting "no override"  on the policy ?
-You should also issue a secedit /refreshpolicy userpolicy & machinepolicy from the station before you try it again.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 63

Expert Comment

by:SysExpert
ID: 6349942
ALso

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=19703

A Group Policy Modeling Tool
 FAZAM 2000 RFV helps you determine which Group Policies are in effect ,
the  effective policy.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6351207
If, on the local machine, you open a Local Machine Policy management console, it will display the settings which are effectively used beneatch the settings of the local machine. IMO useful to find out what's going on.
0
 
LVL 1

Author Comment

by:dd021197
ID: 6351218
Thanks for the responses. I will look into these, I think am am following the way it's supposed to be done.

Essentially what I am asking is how do you set the minimum password lenght to 10 characters, for a an OU of users?

Surely someone must have done this, if so how?
0
 
LVL 3

Expert Comment

by:rcasteel
ID: 6352657
You can't...Password restrictions are on a domain basis NOT an OU basis.  I don't know why MS did it that way but that is one of the reasons they give for needing different domains.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6353497
Yeah rcasteel is right. different password policy requires a different domain in the forest. There is another option though. With no password policy in the domain & a local policy that is imported to the OU computers through a login script with an imported security config file.
-Type secedit on a win2k machine & search for the proceedure with keywords.... export .. import.

0
 
LVL 3

Accepted Solution

by:
rcasteel earned 600 total points
ID: 6354538
I am not sure about that Housenet.  It has been my experience that changing the security policy on the local policy effectively changes the local security policy on the machine.  This WILL work but it only works for local accounts NOT domain accounts.  

If this does work, I would like a step by step procedure posted so I can test it too.  I have found the security policy in Windows 2000 to be one of the few things that doesn't seem to fit properly into the whole active directory idea.  I would definately be interested in finding a way to control it easily and more grainurlarly than at the domain level.
0
 
LVL 1

Author Comment

by:dd021197
ID: 6354968
How to you set it up at domain level then? Through the default domain policy??
0
 
LVL 1

Author Comment

by:dd021197
ID: 6355673
I have worked it out - I'm just setting it at domain level - thanks for your help.

Not sure who to give the points to :-)
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6357754
You gave the points to the right person. Good point about which accounts it will affect rcastle... I would have to try it & may soon.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
New style of hardware planning for Microsoft Exchange server.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question