GPO setting not being enforced

Posted on 2007-10-11
Last Modified: 2012-06-21
I have a Windows 2003 Server Active Directory domain.  I have two group policies which I apply domain wide.

I had initially enabled password expiry, but them shortly after removed it.

For some reason, now, users are still getting prompted that their password is to expire even though no GPO has this feature enabled.

I have run gpupdate /force on a machine and also used SpecOps AD extension to run gpupdate /force on all machines in the domain.

Any suggestions would be greatly appreciated
Question by:pgp4privacy
    LVL 11

    Expert Comment

    The first thing to note, which you may already know, is that an Active Directory domain can only have one password policy and it applies to all users.  You can't stop it applying to certain users or only apply it to certain users.  It also must be defined in a GPO linked to the root of the domain. (see for more info).

    Try running 'gpresult /v' from one of the PCs.  This will show you the GP settings that are in force on that PC which might help identify where the password policy is coming from.
    LVL 3

    Accepted Solution

    once you have enabled password expiry policy...and users a/c password status will then be expiried...

    try to set users password will never expiry.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now