Improve company productivity with a Business Account.Sign Up

x
?
Solved

Difference between "Local" and "Effective" Paswword Policy

Posted on 2004-09-07
3
Medium Priority
?
196 Views
Last Modified: 2013-12-04
We just got an internal audit, and I was asked to print out our Default Domain Password Policy.  I have it set to remember the last 6 passwords, change every 60 days, minimum of 1 day, and must be at least 6 characters.  This shows correctly under "Effective", but under "Local", the settings are different and much more "relaxed".  If I remember right, "Effective" is what is in use, and "Local" is just the policy for the actual DC server itself, no?  This is when I look at the settings on the actual DC itself.  If I go to AD Users and Computers>Mydomain>(right-click)Properties>Group Policy>Computer Config>Windows Settings>Security Settings>Password Policy, everything looks correct.  I want to make sure before I tell them that they're looking at the "wrong" setting.  Thanks.
0
Comment
Question by:tenover
3 Comments
 
LVL 7

Accepted Solution

by:
msice earned 1500 total points
ID: 12001732
Yes local is for the local computer account. The Default Domain Password Policy is for the domain. So if you login localy to a computer it will use the "relaxed" local polocy.  
0
 
LVL 1

Expert Comment

by:shinds57
ID: 12007220
You are correct. They should know that DC's have their own Default Domain Controller GPO. This policy allows you to log on locally as a Domain Admin and nobody else can log in locally to the DC.

shinds57
0
 

Author Comment

by:tenover
ID: 12007949
Thanks.  Just wanted to double check.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…
Watch the video to know the process of migration of Exchange or Office 365 mailboxes in absence of MS Outlook. It is an eminent tool which can easily migrate Public, Archive user mailboxes from one another Exchange server and Office 365. Kernel Migr…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question