Solved

Difference between "Local" and "Effective" Paswword Policy

Posted on 2004-09-07
3
189 Views
Last Modified: 2013-12-04
We just got an internal audit, and I was asked to print out our Default Domain Password Policy.  I have it set to remember the last 6 passwords, change every 60 days, minimum of 1 day, and must be at least 6 characters.  This shows correctly under "Effective", but under "Local", the settings are different and much more "relaxed".  If I remember right, "Effective" is what is in use, and "Local" is just the policy for the actual DC server itself, no?  This is when I look at the settings on the actual DC itself.  If I go to AD Users and Computers>Mydomain>(right-click)Properties>Group Policy>Computer Config>Windows Settings>Security Settings>Password Policy, everything looks correct.  I want to make sure before I tell them that they're looking at the "wrong" setting.  Thanks.
0
Comment
Question by:tenover
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 7

Accepted Solution

by:
msice earned 500 total points
ID: 12001732
Yes local is for the local computer account. The Default Domain Password Policy is for the domain. So if you login localy to a computer it will use the "relaxed" local polocy.  
0
 
LVL 1

Expert Comment

by:shinds57
ID: 12007220
You are correct. They should know that DC's have their own Default Domain Controller GPO. This policy allows you to log on locally as a Domain Admin and nobody else can log in locally to the DC.

shinds57
0
 

Author Comment

by:tenover
ID: 12007949
Thanks.  Just wanted to double check.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question