[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Not able to turn off the password complexity settings in GPO?

Posted on 2006-07-12
3
Medium Priority
?
719 Views
Last Modified: 2008-01-09
In this SBS 2003 lab I am trying to allow users to make shorter passwords than the 7 char, upper / lower case, etc. taht SBS 2003 defaults to.

First, I'm not asking for a debate of pros / cons of short / long passwords, just the steps to change those defaults...

I am going into group policy under server management, editing the Small Business Server Domain Password Policy (and looking at the other policies... and doing gpupdate / force from the server.  Making new users or users trying to change passwords from the change password screen on their machines shows the complexity settings still in place.

running the modeling wizard on 1 user shows:

Account Policies/Password Policyhide
Policy Setting Winning GPO
Maximum password age 0 days Small Business Server Domain Password Policy
Minimum password age 0 days Small Business Server Domain Password Policy
Minimum password length 3 characters Small Business Server Domain Password Policy
Store passwords using reversible encryption Disabled Small Business Server Domain Password Policy

am I doing something wrong (OK, I know I am... WHAT am I doing wrong! : )
0
Comment
Question by:Techsupportwhiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Author Comment

by:Techsupportwhiz
ID: 17091529
OK!  My bad.  I found this

http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_21677207.html?query=default+password+policies&topics=1031

remininding me to use the wizards!

OK, so I didn't.  now the policies say 3 character length, but users are required to use the default 7 char, upper / lower, etc...

going into the WIZARD for password policy, it says 3 char and complexity is turned off.  CHanging things has no effect - reopen the WIZARD still shows 3 char and user complexity is still on...

other than blowing away the whole OS or compare this install to another, is there something i can do to recover?!

You do have to manually edit the GPOs for some things, right?  Wizards aren't the answer to everything?  

And is there a URL that spells out all the things the wizard does?  that would help me catch the things I didn't change manually?  thanks!
0
 
LVL 6

Accepted Solution

by:
DaMaestro earned 1200 total points
ID: 17094148
The last policy (innermost in AD) to be applied is always the winning policy. If you have SP1 installed, try using the GPMC (Group Policy Management Console). You can then run RSOP on the client machine to verify that there are not other policies being applied as well.

Also, clients get the new policy faster when you reboot, but it may take 30-60 minutes on average.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 800 total points
ID: 17095390
I just saw a talk on "length of passwords" which explained that this is the ONE key to making passwords secure.  The difference between cracking a 5 letter password and a 15 letter password is something like 6 hours versus 1500 years!

You wouldn't have to manually edit the GPO in this case.  Wizards should be used wherever they exist... and they do in this case.

I'm wondering though... perhaps you didn't use a wizard for something else and that's now showing itself here?

Are your users in the default OU?  (MyBusiness\Users\SBSUsers)?

How about running this command on a workstation?  C:\>gpresult /z >gpresult.txt

This will create a gpresult.txt file which you can post here.

Jeff
TechSoEasy
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question