Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Group Policy Keeps reseting to default

Posted on 2004-09-15
7
Medium Priority
?
397 Views
Last Modified: 2010-04-14
hi,

I've been testing a policy to enforce stronger passwords in W2k due to some changes we have coming up in our organisation - I've applied the changes to the Default Domain Policy on our domain controller but it seems to keep resetting itself to the default (1 password remembered / must change every 730 days / 0 minimum age / 4 chars min / disabled complexity) - I've tried setting No Override and Block Policy Inheritence but have NO idea why this keeps resetting to the default - does anyone have any suggestions as to what is causing this change and how I can make this policy 'stick'?

thanks in advance for any help
0
Comment
Question by:tonybushell
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068277
when you view the policy on the default domain policy is it actually getting reset there?  or are downlevel domains/OUs/Users not getting the policy applied?
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12068392
hey Mike, thanks - yes, it's getting reset there - and subsequently, none of the OU's or Users are having this applied to them - it sticks for a while, and i was tempted to say it seems to reset over night, but it happened to me about an hour ago, having made the change again first thing this morning.

literally, i PCAnywhere to our Domain Control, use the Active Director Users & Compters tool to view the policy and make the changes - seems to take affect there, if i then reboot or relog i get affected (correctly!) by the policy, but at some point, it seems to be overwritten or erased.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12068500
do you have more than one domain controller?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 1

Author Comment

by:tonybushell
ID: 12069226
it's a w2k domain, so we only have one PDC but we have several other BDC's (we're global, so we have one in each theatre, US, Europe, AsiaPac, but unless i'm misreadig it, they take their info from our global Domain Controller.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1000 total points
ID: 12069298
if you are in a 2000 domain there is no such thing as a PDC or BDC,,, those are NT 4.0 terms.  There is an FSMO role called PDC emulator if you happen to be running in mixed mode but that is something alltogether different.  Anyway,,, it sounds like you have a replication problem going on.  Run "netdom query FSMO" to see where all of your FSMO roles are just so you will know....Also,, there is no such thing as a "global" Domain controller.... a DC can hold a copy of the "global catalog" which is basically a full copy of the active directory database.  I would look at your event logs and see if you have any replication problems going on.  More than likely when you put this policy in place on the DC,, it is getting trumped by another DC.  Remember,,, in 2000/2003 domains,,,, all DCs are equal.... read up on FSMO roles and GC placement in these articles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255690
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12069704
thanks, Mike, much of what you were saying is correct (and i have to say, i'm used to dumbing things down for most of the people i work with so please don't think i'm as unfamiliar with the technology as, in re-reading my post, i believe i sound!) - am looking into replication problems now - thinking back, we did have some other replication issues last year, am now looking to see if there is a commonality between then and now.
0
 
LVL 1

Author Comment

by:tonybushell
ID: 12076664
i ran the netdom query and the listed roles (Schema owner, Domain role owner, PDC role, RID pool manager, Infrastructure owner) are all pointing towards the server where I'm making the changes to the Default Policy - so, in theory i should be good.  still looking into replication conflicts.  thanks again for the suggestions.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Loops Section Overview
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question