  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194

Difference between "Local" and "Effective" Password Policy

We just got an internal audit, and I was asked to print out our Default Domain Password Policy.  I have it set to remember the last 6 passwords, change every 60 days, minimum of 1 day, and must be at least 6 characters.  This shows correctly under "Effective", but under "Local", the settings are different and much more "relaxed".  If I remember right, "Effective" is what is in use, and "Local" is just the policy for the actual DC server itself, no?  This is when I look at the settings on the actual DC itself.  If I go to AD Users and Computers>Mydomain>(right-click)Properties>Group Policy>Computer Config>Windows Settings>Security Settings>Password Policy, everything looks correct.  I want to make sure before I tell them that they're looking at the "wrong" setting.  Thanks.
0
Asked by: tenover
1 Solution
 
msice Commented:
Yes, local is for the local computer account. The Default Domain Password Policy is for the domain. So if you log in locally to a computer it will use the "relaxed" local policy.
0
 
shinds57 Commented:
You are correct. They should know that DCs have their own Default Domain Controller GPO. This policy allows you to log on locally as a Domain Admin and nobody else can log in locally to the DC.

shinds57
0
 
tenover (Author) Commented:
Thanks.  Just wanted to double check.
0
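
For the audit printout discussed in this thread, one way to capture the domain password policy that is actually in force and check it against the values the asker lists (added example, not part of the original posts). It assumes the ActiveDirectory RSAT module is installed and an elevated prompt; the output file names are placeholders.

```powershell
# Added example: compare the domain password policy in force with the values
# stated in the question, and save evidence for the auditors.
# Assumes the ActiveDirectory (RSAT) module and an elevated session.
Import-Module ActiveDirectory

# Expected values, taken from the question text
$expected = [ordered]@{
    PasswordHistoryCount = 6     # remember the last 6 passwords
    MaxPasswordAgeDays   = 60    # change every 60 days
    MinPasswordAgeDays   = 1     # minimum age of 1 day
    MinPasswordLength    = 6     # at least 6 characters
}

# Policy stored on the domain object, i.e. what domain accounts are held to
$policy = Get-ADDefaultDomainPasswordPolicy
$actual = [ordered]@{
    PasswordHistoryCount = $policy.PasswordHistoryCount
    MaxPasswordAgeDays   = $policy.MaxPasswordAge.Days
    MinPasswordAgeDays   = $policy.MinPasswordAge.Days
    MinPasswordLength    = $policy.MinPasswordLength
}

# One row per setting, with a flag showing whether it matches
$report = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual[$name]
        Match    = ($expected[$name] -eq $actual[$name])
    }
}
$report | Format-Table -AutoSize

# Placeholder output paths; adjust for your environment
$report | Export-Csv -NoTypeInformation -Path .\domain-password-policy.csv

# Resultant Set of Policy for the computer: shows which GPO supplied each
# security setting, which is the "Effective" view the auditors should read
gpresult /scope computer /h .\rsop-computer.html /f

if ($report.Match -contains $false) {
    Write-Warning 'Domain password policy differs from the documented values.'
}
```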
