[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Group Policy - Password Policy not working

Posted on 2004-10-29
8
Medium Priority
?
221 Views
Last Modified: 2010-04-19
We just migrating off Novell and I'm trying to implement a password through GP.  As a test I've moved my computer and user account into a test OU and applied a GP that enforces a password policy.  The policy states the following

password history is 3 entries
max password age is 1 day (for test purposes)
min age is 0 days
min password length is 7 char
complexity is enabled
lockout threshold is 3
lockout duration is 30min
lockout reset is 30min

After implementing the policy I refreshed it on my w2k workstation.  So a day has gone by (does it go by hours or by the date??) and it hasn't prompted me to change my password.  Do I need to reboot in order for this to happen?  If so that would not be very good considering most in our organization reboot once a month.  

Also when my computer was locked I purposely entered more than 3 wrong passwords and it didn't lock me out.

What gives?
0
Comment
Question by:shanna1017
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 12446246
shanna1017
Password policies can only be applied at domain level - OU based password policies have no effect.

Cheers

JamesDS
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12446263
shanna1017
Sorry, OU based password policies have no effect - except to apply to local machine passwords.

Cheers

JamesDS
0
 

Author Comment

by:shanna1017
ID: 12446266
Thanks for the quick response.  So there's no way to test the policy without applying it domain-wide?  I just want to see how this will affect the users so I can explain before I implement.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 16

Accepted Solution

by:
JamesDS earned 200 total points
ID: 12446302
shanna1017

You could create a new domain wide policy and use the GPO security permissions to deny ALL but your test users access to read and apply the policy. Don't forget to deny all you machines as well - except your test kit.

If this doesn't work, you'll need a test domain.

Cheers

JamesDS
0
 

Author Comment

by:shanna1017
ID: 12446398
good idea.  Since it's a computer policy wouldn't I only need to deny the computer accounts access?  
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12446467
shanna1017
no, both. Password policies apply to Domain User accounts and local machines - so to ensure you don't accidentally apply it somewhere you must deny access to all users and all machines.

Cheers

JamesDS
0
 

Author Comment

by:shanna1017
ID: 12446875
yet another question (I'll raise the points)

So do I have to go in and manually add each computer object and user object?  I was under the impression I couldn't use security groups with group policies.  Or maybe it's that I can't apply a gp to security groups within an OU.  Also, if I can add a security group such as everyone and then deny, won't that override the allow that I create for my test group?
0
 

Author Comment

by:shanna1017
ID: 12446891
how do I add more points once i've already accepted a solution?
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question