Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 441
  • Last Modified:

Password policy applys to local computer accounts

Could somebody help me out.

We recently implemented a password policy to enforce password history, max age, min age, min length and complexity requirements in the Default Domain Security Settings.  For some reason this is applying to local accounts on computers.  I know that at previous companies I have worked for the domain password policy did not apply to local accounts.  The main problem is the minimum password age applys to the local admin accounts on PC's which is causing them to expire.
0
hertel-dev
Asked:
hertel-dev
  • 3
  • 3
1 Solution
 
plug1Commented:
If you have applied them via a group policy by using computers and local security settings then this is what its designed to do.

You want to apply it in the "Domain Security Policy" under administrative tools.
0
 
hertel-devAuthor Commented:
It was created in the Domain Security Policy under administrative tools.

Thanks
0
 
plug1Commented:
I would in that cse check your policies for the above in case you have a rogue setting in place somewhere .
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
hertel-devAuthor Commented:
This is what has been configured on DC:
Administrative Tools > Domain Security Policy
Account Policies > Password Policy
Enforce password history: x passwords remembered
Maximum password age: x days
Minimum password age: x days
Maximum password length: x characters
Password must meet complexity requirements: Enabled

In the Default Domain Policy in the GPMC I can see the settings above under Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.

Obviously the password policy is under Computer Configuration but I have never had it apply to local accounts before.
0
 
plug1Commented:
I would remove it from the default domain policy under computers and see how you get on.
0
 
hertel-devAuthor Commented:
We managed to fix this ourselves by taking the "Enforced" option off the "Default Domain Policy".
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now