Solved

Password policy applys to local computer accounts

Posted on 2008-06-19
6
423 Views
Last Modified: 2010-03-17
Could somebody help me out.

We recently implemented a password policy to enforce password history, max age, min age, min length and complexity requirements in the Default Domain Security Settings.  For some reason this is applying to local accounts on computers.  I know that at previous companies I have worked for the domain password policy did not apply to local accounts.  The main problem is the minimum password age applys to the local admin accounts on PC's which is causing them to expire.
0
Comment
Question by:hertel-dev
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:plug1
ID: 21820726
If you have applied them via a group policy by using computers and local security settings then this is what its designed to do.

You want to apply it in the "Domain Security Policy" under administrative tools.
0
 

Author Comment

by:hertel-dev
ID: 21820813
It was created in the Domain Security Policy under administrative tools.

Thanks
0
 
LVL 14

Expert Comment

by:plug1
ID: 21820872
I would in that cse check your policies for the above in case you have a rogue setting in place somewhere .
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:hertel-dev
ID: 21821193
This is what has been configured on DC:
Administrative Tools > Domain Security Policy
Account Policies > Password Policy
Enforce password history: x passwords remembered
Maximum password age: x days
Minimum password age: x days
Maximum password length: x characters
Password must meet complexity requirements: Enabled

In the Default Domain Policy in the GPMC I can see the settings above under Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.

Obviously the password policy is under Computer Configuration but I have never had it apply to local accounts before.
0
 
LVL 14

Expert Comment

by:plug1
ID: 21821278
I would remove it from the default domain policy under computers and see how you get on.
0
 

Accepted Solution

by:
hertel-dev earned 0 total points
ID: 22068433
We managed to fix this ourselves by taking the "Enforced" option off the "Default Domain Policy".
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question