• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 165
  • Last Modified:

Domain policy doesn't seem to update

In the domain policy, on a Windows 2000 Domain Controller, I set the security policy to warn a user 14 days before their password needs to be changed.  This change was made 2 months ago.

I found out today (the hard way) that a user was forced to change their password without getting any warning at all.  They had to change it upon login.

Since this change to policy was made 2 months ago, and there was a change, the policy certianly would have been updated by now without me having to run secedit /refreshpolicy.

Does anyone have any ideas why this may have happened?  I do not know if it's happened on other machines in the office, but that's the direction I am headed in troubleshooting next.

Thanks!
Scott
0
scottman29
Asked:
scottman29
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
msiceCommented:
Hey Scott,
Is this policy set in the Default Domain Ploicy?
0
 
scottman29Author Commented:
yes the default domain policy...
0
 
msiceCommented:
Has the user loged on within the last 14 days?
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
scottman29Author Commented:
yes, daily...
0
 
msiceCommented:
I have noticed some systems have a long time between refreshpolicy or just seem to get stuck and dont refresh at all and need secedit /enforce or secedit /refreshpolicy . I see this problem once in a while and I have ased questions here about it and they have not been answerd http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20967916.html I dont find any MS docs about it either. I would run secedit /refreshpolicy on that computer and the problem with that computer will probly go away for a while.
0
 
Pete LongTechnical ConsultantCommented:
on windows XP you will need to run gpupdate /force as opposed to secedit
0
 
LimeSMJCommented:
I have found that sometimes several reboots (not just logging the user out) are required for policies to update on a machine.
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now