Domain policy doesn't seem to update

In the domain policy, on a Windows 2000 Domain Controller, I set the security policy to warn a user 14 days before their password needs to be changed.  This change was made 2 months ago.

I found out today (the hard way) that a user was forced to change their password without getting any warning at all.  They had to change it upon login.

Since this change to policy was made 2 months ago, and there was a change, the policy certianly would have been updated by now without me having to run secedit /refreshpolicy.

Does anyone have any ideas why this may have happened?  I do not know if it's happened on other machines in the office, but that's the direction I am headed in troubleshooting next.

Thanks!
Scott
LVL 5
scottman29Asked:
Who is Participating?
 
msiceConnect With a Mentor Commented:
I have noticed some systems have a long time between refreshpolicy or just seem to get stuck and dont refresh at all and need secedit /enforce or secedit /refreshpolicy . I see this problem once in a while and I have ased questions here about it and they have not been answerd http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20967916.html I dont find any MS docs about it either. I would run secedit /refreshpolicy on that computer and the problem with that computer will probly go away for a while.
0
 
msiceCommented:
Hey Scott,
Is this policy set in the Default Domain Ploicy?
0
 
scottman29Author Commented:
yes the default domain policy...
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
msiceCommented:
Has the user loged on within the last 14 days?
0
 
scottman29Author Commented:
yes, daily...
0
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
on windows XP you will need to run gpupdate /force as opposed to secedit
0
 
LimeSMJCommented:
I have found that sometimes several reboots (not just logging the user out) are required for policies to update on a machine.
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
All Courses

From novice to tech pro — start learning today.