We just got an internal audit, and I was asked to print out our Default Domain Password Policy. I have it set to remember the last 6 passwords, change every 60 days, minimum of 1 day, and must be at least 6 characters. This shows correctly under "Effective", but under "Local", the settings are different and much more "relaxed". If I remember right, "Effective" is what is in use, and "Local" is just the policy for the actual DC server itself, no? This is when I look at the settings on the actual DC itself. If I go to AD Users and Computers > Mydomain > (right-click) Properties > Group Policy > Computer Config > Windows Settings > Security Settings > Password Policy, everything looks correct. I want to make sure before I tell them that they're looking at the "wrong" setting. Thanks.
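An added example, not part of the original post: a PowerShell check that compares a domain password policy object against the four values stated above and produces a table suitable for an audit printout. The function name `Compare-DomainPasswordPolicy` and the sample object are constructed for illustration; the property names are those returned by `Get-ADDefaultDomainPasswordPolicy` in the ActiveDirectory module.

```powershell
# Expected values are the ones stated in the post above.
$expected = [ordered]@{
    PasswordHistoryCount = 6
    MaxPasswordAgeDays   = 60
    MinPasswordAgeDays   = 1
    MinPasswordLength    = 6
}

# Hypothetical helper: compares a policy object against the documented values.
function Compare-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,   # shaped like Get-ADDefaultDomainPasswordPolicy output
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    # Ages are TimeSpan values; normalise to whole days to match the audit figures.
    $actual = [ordered]@{
        PasswordHistoryCount = [int]$Policy.PasswordHistoryCount
        MaxPasswordAgeDays   = [int]$Policy.MaxPasswordAge.TotalDays
        MinPasswordAgeDays   = [int]$Policy.MinPasswordAge.TotalDays
        MinPasswordLength    = [int]$Policy.MinPasswordLength
    }
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $actual[$name]
            Match    = ($Expected[$name] -eq $actual[$name])
        }
    }
}

# Constructed sample standing in for a live query, so the script runs without a domain.
$sample = [pscustomobject]@{
    PasswordHistoryCount = 6
    MaxPasswordAge       = New-TimeSpan -Days 60
    MinPasswordAge       = New-TimeSpan -Days 1
    MinPasswordLength    = 6
}

# On a domain-joined machine with the ActiveDirectory module, use instead:
#   $sample = Get-ADDefaultDomainPasswordPolicy
$report = Compare-DomainPasswordPolicy -Policy $sample -Expected $expected
$report | Format-Table -AutoSize

# Flag any row where the queried value differs from the documented one.
if ($report.Match -contains $false) {
    Write-Warning 'Domain policy differs from the documented values.'
}
```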