Solved

Group Policy Keeps reseting to default

Posted on 2004-09-15
7
384 Views
Last Modified: 2010-04-14
hi,

I've been testing a policy to enforce stronger passwords in W2k due to some changes we have coming up in our organisation - I've applied the changes to the Default Domain Policy on our domain controller but it seems to keep resetting itself to the default (1 password remembered / must change every 730 days / 0 minimum age / 4 chars min / disabled complexity) - I've tried setting No Override and Block Policy Inheritence but have NO idea why this keeps resetting to the default - does anyone have any suggestions as to what is causing this change and how I can make this policy 'stick'?

thanks in advance for any help
0
Comment
Question by:tonybushell
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
Comment Utility
when you view the policy on the default domain policy is it actually getting reset there?  or are downlevel domains/OUs/Users not getting the policy applied?
0
 
LVL 1

Author Comment

by:tonybushell
Comment Utility
hey Mike, thanks - yes, it's getting reset there - and subsequently, none of the OU's or Users are having this applied to them - it sticks for a while, and i was tempted to say it seems to reset over night, but it happened to me about an hour ago, having made the change again first thing this morning.

literally, i PCAnywhere to our Domain Control, use the Active Director Users & Compters tool to view the policy and make the changes - seems to take affect there, if i then reboot or relog i get affected (correctly!) by the policy, but at some point, it seems to be overwritten or erased.
0
 
LVL 25

Expert Comment

by:mikeleebrla
Comment Utility
do you have more than one domain controller?
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 1

Author Comment

by:tonybushell
Comment Utility
it's a w2k domain, so we only have one PDC but we have several other BDC's (we're global, so we have one in each theatre, US, Europe, AsiaPac, but unless i'm misreadig it, they take their info from our global Domain Controller.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
Comment Utility
if you are in a 2000 domain there is no such thing as a PDC or BDC,,, those are NT 4.0 terms.  There is an FSMO role called PDC emulator if you happen to be running in mixed mode but that is something alltogether different.  Anyway,,, it sounds like you have a replication problem going on.  Run "netdom query FSMO" to see where all of your FSMO roles are just so you will know....Also,, there is no such thing as a "global" Domain controller.... a DC can hold a copy of the "global catalog" which is basically a full copy of the active directory database.  I would look at your event logs and see if you have any replication problems going on.  More than likely when you put this policy in place on the DC,, it is getting trumped by another DC.  Remember,,, in 2000/2003 domains,,,, all DCs are equal.... read up on FSMO roles and GC placement in these articles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690
0
 
LVL 1

Author Comment

by:tonybushell
Comment Utility
thanks, Mike, much of what you were saying is correct (and i have to say, i'm used to dumbing things down for most of the people i work with so please don't think i'm as unfamiliar with the technology as, in re-reading my post, i believe i sound!) - am looking into replication problems now - thinking back, we did have some other replication issues last year, am now looking to see if there is a commonality between then and now.
0
 
LVL 1

Author Comment

by:tonybushell
Comment Utility
i ran the netdom query and the listed roles (Schema owner, Domain role owner, PDC role, RID pool manager, Infrastructure owner) are all pointing towards the server where I'm making the changes to the Default Policy - so, in theory i should be good.  still looking into replication conflicts.  thanks again for the suggestions.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now