Solved

Not able to turn off the password complexity settings in GPO?

Posted on 2006-07-12
3
709 Views
Last Modified: 2008-01-09
In this SBS 2003 lab I am trying to allow users to make shorter passwords than the 7 char, upper / lower case, etc. taht SBS 2003 defaults to.

First, I'm not asking for a debate of pros / cons of short / long passwords, just the steps to change those defaults...

I am going into group policy under server management, editing the Small Business Server Domain Password Policy (and looking at the other policies... and doing gpupdate / force from the server.  Making new users or users trying to change passwords from the change password screen on their machines shows the complexity settings still in place.

running the modeling wizard on 1 user shows:

Account Policies/Password Policyhide
Policy Setting Winning GPO
Maximum password age 0 days Small Business Server Domain Password Policy
Minimum password age 0 days Small Business Server Domain Password Policy
Minimum password length 3 characters Small Business Server Domain Password Policy
Store passwords using reversible encryption Disabled Small Business Server Domain Password Policy

am I doing something wrong (OK, I know I am... WHAT am I doing wrong! : )
0
Comment
Question by:Techsupportwhiz
3 Comments
 

Author Comment

by:Techsupportwhiz
ID: 17091529
OK!  My bad.  I found this

http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_21677207.html?query=default+password+policies&topics=1031

remininding me to use the wizards!

OK, so I didn't.  now the policies say 3 character length, but users are required to use the default 7 char, upper / lower, etc...

going into the WIZARD for password policy, it says 3 char and complexity is turned off.  CHanging things has no effect - reopen the WIZARD still shows 3 char and user complexity is still on...

other than blowing away the whole OS or compare this install to another, is there something i can do to recover?!

You do have to manually edit the GPOs for some things, right?  Wizards aren't the answer to everything?  

And is there a URL that spells out all the things the wizard does?  that would help me catch the things I didn't change manually?  thanks!
0
 
LVL 6

Accepted Solution

by:
DaMaestro earned 300 total points
ID: 17094148
The last policy (innermost in AD) to be applied is always the winning policy. If you have SP1 installed, try using the GPMC (Group Policy Management Console). You can then run RSOP on the client machine to verify that there are not other policies being applied as well.

Also, clients get the new policy faster when you reboot, but it may take 30-60 minutes on average.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 17095390
I just saw a talk on "length of passwords" which explained that this is the ONE key to making passwords secure.  The difference between cracking a 5 letter password and a 15 letter password is something like 6 hours versus 1500 years!

You wouldn't have to manually edit the GPO in this case.  Wizards should be used wherever they exist... and they do in this case.

I'm wondering though... perhaps you didn't use a wizard for something else and that's now showing itself here?

Are your users in the default OU?  (MyBusiness\Users\SBSUsers)?

How about running this command on a workstation?  C:\>gpresult /z >gpresult.txt

This will create a gpresult.txt file which you can post here.

Jeff
TechSoEasy
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now