Solved

Not able to turn off the password complexity settings in GPO?

Posted on 2006-07-12
3
711 Views
Last Modified: 2008-01-09
In this SBS 2003 lab I am trying to allow users to make shorter passwords than the 7 char, upper / lower case, etc. taht SBS 2003 defaults to.

First, I'm not asking for a debate of pros / cons of short / long passwords, just the steps to change those defaults...

I am going into group policy under server management, editing the Small Business Server Domain Password Policy (and looking at the other policies... and doing gpupdate / force from the server.  Making new users or users trying to change passwords from the change password screen on their machines shows the complexity settings still in place.

running the modeling wizard on 1 user shows:

Account Policies/Password Policyhide
Policy Setting Winning GPO
Maximum password age 0 days Small Business Server Domain Password Policy
Minimum password age 0 days Small Business Server Domain Password Policy
Minimum password length 3 characters Small Business Server Domain Password Policy
Store passwords using reversible encryption Disabled Small Business Server Domain Password Policy

am I doing something wrong (OK, I know I am... WHAT am I doing wrong! : )
0
Comment
Question by:Techsupportwhiz
3 Comments
 

Author Comment

by:Techsupportwhiz
ID: 17091529
OK!  My bad.  I found this

http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_21677207.html?query=default+password+policies&topics=1031

remininding me to use the wizards!

OK, so I didn't.  now the policies say 3 character length, but users are required to use the default 7 char, upper / lower, etc...

going into the WIZARD for password policy, it says 3 char and complexity is turned off.  CHanging things has no effect - reopen the WIZARD still shows 3 char and user complexity is still on...

other than blowing away the whole OS or compare this install to another, is there something i can do to recover?!

You do have to manually edit the GPOs for some things, right?  Wizards aren't the answer to everything?  

And is there a URL that spells out all the things the wizard does?  that would help me catch the things I didn't change manually?  thanks!
0
 
LVL 6

Accepted Solution

by:
DaMaestro earned 300 total points
ID: 17094148
The last policy (innermost in AD) to be applied is always the winning policy. If you have SP1 installed, try using the GPMC (Group Policy Management Console). You can then run RSOP on the client machine to verify that there are not other policies being applied as well.

Also, clients get the new policy faster when you reboot, but it may take 30-60 minutes on average.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 17095390
I just saw a talk on "length of passwords" which explained that this is the ONE key to making passwords secure.  The difference between cracking a 5 letter password and a 15 letter password is something like 6 hours versus 1500 years!

You wouldn't have to manually edit the GPO in this case.  Wizards should be used wherever they exist... and they do in this case.

I'm wondering though... perhaps you didn't use a wizard for something else and that's now showing itself here?

Are your users in the default OU?  (MyBusiness\Users\SBSUsers)?

How about running this command on a workstation?  C:\>gpresult /z >gpresult.txt

This will create a gpresult.txt file which you can post here.

Jeff
TechSoEasy
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question