Solved

Group Policy Keeps Resetting to Default

Posted on 2004-09-15
Last Modified: 2010-04-14
hi,

I've been testing a policy to enforce stronger passwords in W2k due to some changes we have coming up in our organisation - I've applied the changes to the Default Domain Policy on our domain controller but it seems to keep resetting itself to the default (1 password remembered / must change every 730 days / 0 minimum age / 4 chars min / disabled complexity) - I've tried setting No Override and Block Policy Inheritance but have NO idea why this keeps resetting to the default - does anyone have any suggestions as to what is causing this change and how I can make this policy 'stick'?

thanks in advance for any help
Question by:tonybushell
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068277
when you view the policy on the default domain policy is it actually getting reset there?  or are downlevel domains/OUs/Users not getting the policy applied?
 
LVL 1

Author Comment

by:tonybushell
ID: 12068392
hey Mike, thanks - yes, it's getting reset there - and subsequently, none of the OUs or Users are having this applied to them - it sticks for a while, and i was tempted to say it seems to reset overnight, but it happened to me about an hour ago, having made the change again first thing this morning.

literally, i PCAnywhere to our Domain Controller, use the Active Directory Users & Computers tool to view the policy and make the changes - seems to take effect there, if i then reboot or relog i get affected (correctly!) by the policy, but at some point, it seems to be overwritten or erased.
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068500
do you have more than one domain controller?
 
LVL 1

Author Comment

by:tonybushell
ID: 12069226
it's a w2k domain, so we only have one PDC but we have several other BDCs (we're global, so we have one in each theatre, US, Europe, AsiaPac), but unless i'm misreading it, they take their info from our global Domain Controller.
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 12069298
if you are in a 2000 domain there is no such thing as a PDC or BDC... those are NT 4.0 terms.  There is an FSMO role called PDC emulator if you happen to be running in mixed mode but that is something altogether different.  Anyway, it sounds like you have a replication problem going on.  Run "netdom query FSMO" to see where all of your FSMO roles are just so you will know... Also, there is no such thing as a "global" Domain controller... a DC can hold a copy of the "global catalog" which is basically a full copy of the active directory database.  I would look at your event logs and see if you have any replication problems going on.  More than likely when you put this policy in place on the DC, it is getting trumped by another DC.  Remember, in 2000/2003 domains, all DCs are equal... read up on FSMO roles and GC placement in these articles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690
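
One way to check the "trumped by another DC" theory from the answer above, as an added example that is not part of the original thread: a read-only script that compares the password policy and the Default Domain Policy GPO version (directory copy versus SYSVOL copy) on every domain controller. It assumes a current environment with the RSAT ActiveDirectory PowerShell module, which is not available on Windows 2000 itself; the variable names are illustrative.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT); queries only, changes nothing.
Import-Module ActiveDirectory

# Well-known GUID of the Default Domain Policy GPO (identical in every domain).
$gpoGuid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
$domain  = Get-ADDomain
$gpoDn   = "CN=$gpoGuid,CN=Policies,CN=System,$($domain.DistinguishedName)"

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # Password policy attributes on the domain object in this DC's replica.
        $pol = Get-ADDefaultDomainPasswordPolicy -Server $name -ErrorAction Stop
        # GPO version stored in this DC's copy of the directory.
        $adVer = (Get-ADObject -Identity $gpoDn -Server $name -Properties versionNumber -ErrorAction Stop).versionNumber
        # GPO version stored in this DC's SYSVOL copy, which replicates separately.
        $ini = "\\$name\SYSVOL\$($domain.DNSRoot)\Policies\$gpoGuid\GPT.INI"
        $hit = Select-String -Path $ini -Pattern '^Version=(\d+)' -ErrorAction Stop
        [pscustomobject]@{
            DC = $name; MinLength = $pol.MinPasswordLength; History = $pol.PasswordHistoryCount
            MaxAgeDays = $pol.MaxPasswordAge.Days; MinAgeDays = $pol.MinPasswordAge.Days
            Complexity = $pol.ComplexityEnabled; AdVersion = $adVer
            SysvolVersion = [int]$hit.Matches[0].Groups[1].Value; Error = $null
        }
    } catch {
        # An unreachable DC or unreadable GPT.INI is itself a finding worth reporting.
        [pscustomobject]@{ DC = $name; Error = $_.Exception.Message }
    }
}

$report | Format-Table DC, MinLength, History, MaxAgeDays, MinAgeDays, Complexity,
    AdVersion, SysvolVersion, Error -AutoSize

# Flag divergence: DCs that disagree with each other, or whose two GPO copies disagree.
$ok = @($report | Where-Object { -not $_.Error })
$distinct = @($ok | Group-Object MinLength, History, MaxAgeDays, MinAgeDays, Complexity, AdVersion)
if ($distinct.Count -gt 1) {
    Write-Warning 'Domain controllers disagree on the password policy or GPO version.'
}
$ok | Where-Object { $_.AdVersion -ne $_.SysvolVersion } |
    ForEach-Object { Write-Warning "$($_.DC): directory and SYSVOL GPO versions differ." }
```

A DC that shows the old defaults (4 characters minimum, complexity disabled) or a lower GPO version than its peers is the place to start reading replication events.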
 
LVL 1

Author Comment

by:tonybushell
ID: 12069704
thanks, Mike, much of what you were saying is correct (and i have to say, i'm used to dumbing things down for most of the people i work with so please don't think i'm as unfamiliar with the technology as, in re-reading my post, i believe i sound!) - am looking into replication problems now - thinking back, we did have some other replication issues last year, am now looking to see if there is a commonality between then and now.
 
LVL 1

Author Comment

by:tonybushell
ID: 12076664
i ran the netdom query and the listed roles (Schema owner, Domain role owner, PDC role, RID pool manager, Infrastructure owner) are all pointing towards the server where I'm making the changes to the Default Policy - so, in theory i should be good.  still looking into replication conflicts.  thanks again for the suggestions.