Solved

Group Policy Keeps reseting to default

Posted on 2004-09-15
7
389 Views
Last Modified: 2010-04-14
hi,

I've been testing a policy to enforce stronger passwords in W2k due to some changes we have coming up in our organisation - I've applied the changes to the Default Domain Policy on our domain controller but it seems to keep resetting itself to the default (1 password remembered / must change every 730 days / 0 minimum age / 4 chars min / disabled complexity) - I've tried setting No Override and Block Policy Inheritence but have NO idea why this keeps resetting to the default - does anyone have any suggestions as to what is causing this change and how I can make this policy 'stick'?

thanks in advance for any help
0
Comment
Question by:tonybushell
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068277
when you view the policy on the default domain policy is it actually getting reset there?  or are downlevel domains/OUs/Users not getting the policy applied?
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12068392
hey Mike, thanks - yes, it's getting reset there - and subsequently, none of the OU's or Users are having this applied to them - it sticks for a while, and i was tempted to say it seems to reset over night, but it happened to me about an hour ago, having made the change again first thing this morning.

literally, i PCAnywhere to our Domain Control, use the Active Director Users & Compters tool to view the policy and make the changes - seems to take affect there, if i then reboot or relog i get affected (correctly!) by the policy, but at some point, it seems to be overwritten or erased.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068500
do you have more than one domain controller?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 1

Author Comment

by:tonybushell
ID: 12069226
it's a w2k domain, so we only have one PDC but we have several other BDC's (we're global, so we have one in each theatre, US, Europe, AsiaPac, but unless i'm misreadig it, they take their info from our global Domain Controller.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 12069298
if you are in a 2000 domain there is no such thing as a PDC or BDC,,, those are NT 4.0 terms.  There is an FSMO role called PDC emulator if you happen to be running in mixed mode but that is something alltogether different.  Anyway,,, it sounds like you have a replication problem going on.  Run "netdom query FSMO" to see where all of your FSMO roles are just so you will know....Also,, there is no such thing as a "global" Domain controller.... a DC can hold a copy of the "global catalog" which is basically a full copy of the active directory database.  I would look at your event logs and see if you have any replication problems going on.  More than likely when you put this policy in place on the DC,, it is getting trumped by another DC.  Remember,,, in 2000/2003 domains,,,, all DCs are equal.... read up on FSMO roles and GC placement in these articles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12069704
thanks, Mike, much of what you were saying is correct (and i have to say, i'm used to dumbing things down for most of the people i work with so please don't think i'm as unfamiliar with the technology as, in re-reading my post, i believe i sound!) - am looking into replication problems now - thinking back, we did have some other replication issues last year, am now looking to see if there is a commonality between then and now.
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12076664
i ran the netdom query and the listed roles (Schema owner, Domain role owner, PDC role, RID pool manager, Infrastructure owner) are all pointing towards the server where I'm making the changes to the Default Policy - so, in theory i should be good.  still looking into replication conflicts.  thanks again for the suggestions.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question