Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 401
  • Last Modified:

Group Policy Keeps reseting to default

hi,

I've been testing a policy to enforce stronger passwords in W2k due to some changes we have coming up in our organisation - I've applied the changes to the Default Domain Policy on our domain controller but it seems to keep resetting itself to the default (1 password remembered / must change every 730 days / 0 minimum age / 4 chars min / disabled complexity) - I've tried setting No Override and Block Policy Inheritence but have NO idea why this keeps resetting to the default - does anyone have any suggestions as to what is causing this change and how I can make this policy 'stick'?

thanks in advance for any help
0
tonybushell
Asked:
tonybushell
  • 4
  • 3
1 Solution
 
mikeleebrlaCommented:
when you view the policy on the default domain policy is it actually getting reset there?  or are downlevel domains/OUs/Users not getting the policy applied?
0
 
tonybushellAuthor Commented:
hey Mike, thanks - yes, it's getting reset there - and subsequently, none of the OU's or Users are having this applied to them - it sticks for a while, and i was tempted to say it seems to reset over night, but it happened to me about an hour ago, having made the change again first thing this morning.

literally, i PCAnywhere to our Domain Control, use the Active Director Users & Compters tool to view the policy and make the changes - seems to take affect there, if i then reboot or relog i get affected (correctly!) by the policy, but at some point, it seems to be overwritten or erased.
0
 
mikeleebrlaCommented:
do you have more than one domain controller?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
tonybushellAuthor Commented:
it's a w2k domain, so we only have one PDC but we have several other BDC's (we're global, so we have one in each theatre, US, Europe, AsiaPac, but unless i'm misreadig it, they take their info from our global Domain Controller.
0
 
mikeleebrlaCommented:
if you are in a 2000 domain there is no such thing as a PDC or BDC,,, those are NT 4.0 terms.  There is an FSMO role called PDC emulator if you happen to be running in mixed mode but that is something alltogether different.  Anyway,,, it sounds like you have a replication problem going on.  Run "netdom query FSMO" to see where all of your FSMO roles are just so you will know....Also,, there is no such thing as a "global" Domain controller.... a DC can hold a copy of the "global catalog" which is basically a full copy of the active directory database.  I would look at your event logs and see if you have any replication problems going on.  More than likely when you put this policy in place on the DC,, it is getting trumped by another DC.  Remember,,, in 2000/2003 domains,,,, all DCs are equal.... read up on FSMO roles and GC placement in these articles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690
0
 
tonybushellAuthor Commented:
thanks, Mike, much of what you were saying is correct (and i have to say, i'm used to dumbing things down for most of the people i work with so please don't think i'm as unfamiliar with the technology as, in re-reading my post, i believe i sound!) - am looking into replication problems now - thinking back, we did have some other replication issues last year, am now looking to see if there is a commonality between then and now.
0
 
tonybushellAuthor Commented:
i ran the netdom query and the listed roles (Schema owner, Domain role owner, PDC role, RID pool manager, Infrastructure owner) are all pointing towards the server where I'm making the changes to the Default Policy - so, in theory i should be good.  still looking into replication conflicts.  thanks again for the suggestions.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now