Solved

Not able to turn off the password complexity settings in GPO?

Posted on 2006-07-12
3
708 Views
Last Modified: 2008-01-09
In this SBS 2003 lab I am trying to allow users to make shorter passwords than the 7 char, upper / lower case, etc. taht SBS 2003 defaults to.

First, I'm not asking for a debate of pros / cons of short / long passwords, just the steps to change those defaults...

I am going into group policy under server management, editing the Small Business Server Domain Password Policy (and looking at the other policies... and doing gpupdate / force from the server.  Making new users or users trying to change passwords from the change password screen on their machines shows the complexity settings still in place.

running the modeling wizard on 1 user shows:

Account Policies/Password Policyhide
Policy Setting Winning GPO
Maximum password age 0 days Small Business Server Domain Password Policy
Minimum password age 0 days Small Business Server Domain Password Policy
Minimum password length 3 characters Small Business Server Domain Password Policy
Store passwords using reversible encryption Disabled Small Business Server Domain Password Policy

am I doing something wrong (OK, I know I am... WHAT am I doing wrong! : )
0
Comment
Question by:Techsupportwhiz
3 Comments
 

Author Comment

by:Techsupportwhiz
ID: 17091529
OK!  My bad.  I found this

http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_21677207.html?query=default+password+policies&topics=1031

remininding me to use the wizards!

OK, so I didn't.  now the policies say 3 character length, but users are required to use the default 7 char, upper / lower, etc...

going into the WIZARD for password policy, it says 3 char and complexity is turned off.  CHanging things has no effect - reopen the WIZARD still shows 3 char and user complexity is still on...

other than blowing away the whole OS or compare this install to another, is there something i can do to recover?!

You do have to manually edit the GPOs for some things, right?  Wizards aren't the answer to everything?  

And is there a URL that spells out all the things the wizard does?  that would help me catch the things I didn't change manually?  thanks!
0
 
LVL 6

Accepted Solution

by:
DaMaestro earned 300 total points
ID: 17094148
The last policy (innermost in AD) to be applied is always the winning policy. If you have SP1 installed, try using the GPMC (Group Policy Management Console). You can then run RSOP on the client machine to verify that there are not other policies being applied as well.

Also, clients get the new policy faster when you reboot, but it may take 30-60 minutes on average.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 17095390
I just saw a talk on "length of passwords" which explained that this is the ONE key to making passwords secure.  The difference between cracking a 5 letter password and a 15 letter password is something like 6 hours versus 1500 years!

You wouldn't have to manually edit the GPO in this case.  Wizards should be used wherever they exist... and they do in this case.

I'm wondering though... perhaps you didn't use a wizard for something else and that's now showing itself here?

Are your users in the default OU?  (MyBusiness\Users\SBSUsers)?

How about running this command on a workstation?  C:\>gpresult /z >gpresult.txt

This will create a gpresult.txt file which you can post here.

Jeff
TechSoEasy
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now