rangass
asked on
Group Policy
I have a 2003 domain and all desktops are windows xp.I have set password expiration for domain accounts to sixty days.But i dont see that policy to be in effect.The password expiration alert does not apper on the users desktop and the users do not change there password as per the Group Policy.
Pls Help.
Thanks,
Ranga.
Pls Help.
Thanks,
Ranga.
ASKER
I have created a Domain Security policy.
ASKER
I have applied it to the domain
Did you create and link a new policy on the domain. Or did you edit the default domain policy?
ASKER
Just edited the default domain policy.
rangass
Have you removed the "password never expires" switch from the user accounts?
Cheers
JamesDS
Have you removed the "password never expires" switch from the user accounts?
Cheers
JamesDS
ASKER
Yes i have removed it
Just checking... it is the domain not the domain controllers that you have edited the GPO.
Next check that users are able to read the GPO.
right click the OU ....properties...group policy tab
ensure that the GPO you created shows in the links list
select the GPO and select properties.
click the security tab...
authenticated users in the top panel... check read and check apply group policy
Cheers,
IceRaven
Next check that users are able to read the GPO.
right click the OU ....properties...group policy tab
ensure that the GPO you created shows in the links list
select the GPO and select properties.
click the security tab...
authenticated users in the top panel... check read and check apply group policy
Cheers,
IceRaven
rangass
Run GPUPDATE.EXE at the domain controller and look in its application event log for SCECLI entries.
Cheers
JamesDS
Run GPUPDATE.EXE at the domain controller and look in its application event log for SCECLI entries.
Cheers
JamesDS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
According to this ariticle,
http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;282224
after you have applied the changes to the domain password policy you will need to:
--Snip--
Steps to Refreshing the Machine Policy on a Domain Controller
Open a command prompt at the domain controller.
Type: secedit /refreshpolicy machine_policy /enforce
The following message should be displayed: "Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any."
--Snip--
Cheers,
IceRaven
http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;282224
after you have applied the changes to the domain password policy you will need to:
--Snip--
Steps to Refreshing the Machine Policy on a Domain Controller
Open a command prompt at the domain controller.
Type: secedit /refreshpolicy machine_policy /enforce
The following message should be displayed: "Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any."
--Snip--
Cheers,
IceRaven
IceRaven
Wrong OS!
This is Windows 2003, the SECEDIT /REFRESHPOLICY comand was replaced in Windows 2003 with GPUPDATE.EXE which always does User and Machine policies.
After this has run, you should then look in its application event log for SCECLI entries.
Cheers
JamesDS
Wrong OS!
This is Windows 2003, the SECEDIT /REFRESHPOLICY comand was replaced in Windows 2003 with GPUPDATE.EXE which always does User and Machine policies.
After this has run, you should then look in its application event log for SCECLI entries.
Cheers
JamesDS
My Appologies,
You are quite right JamesDS.
Cheers,
IceRaven.
You are quite right JamesDS.
Cheers,
IceRaven.
no worries, bl@@dy MS moving the goalposts again :)
JDS
JDS
If they did not move those goalposts, they would not be able to ask us any new questions for re-certification, eh..??
Best idea here is to install the GPMC.. it is a wonderful tool that should have been developed in W2K..!!
But you can also run RSOP on the clients that have XP.. Just:
Start > Open > rsop.msc
and ck to see what policies are being applied..
FE
Best idea here is to install the GPMC.. it is a wonderful tool that should have been developed in W2K..!!
But you can also run RSOP on the clients that have XP.. Just:
Start > Open > rsop.msc
and ck to see what policies are being applied..
FE
FE
Certifications - I haven't got a single one! (unles you count the MS Access v2 course I did in '92)
We put our trainees through those before I let them anywhere near anything important :)
hehehe!
James
Certifications - I haven't got a single one! (unles you count the MS Access v2 course I did in '92)
We put our trainees through those before I let them anywhere near anything important :)
hehehe!
James
*grin* Certs only show the ability to confront a goal and complete it in my book. they show nothing of real world experience, and that is what counts..!!
that being said, my clients like to see them though.. at least they look impressive.. :)
that being said, my clients like to see them though.. at least they look impressive.. :)
rangass
How is your problem looking, we all went of on a bit of a busmans holiday there!
Cheers
JamesDS
How is your problem looking, we all went of on a bit of a busmans holiday there!
Cheers
JamesDS
Did you apply your group policy to the domain, or just to an object unit?
Cheers,
IceRaven