Password policy applys to local computer accounts

Posted on 2008-06-19
Last Modified: 2010-03-17
Could somebody help me out.

We recently implemented a password policy to enforce password history, max age, min age, min length and complexity requirements in the Default Domain Security Settings.  For some reason this is applying to local accounts on computers.  I know that at previous companies I have worked for the domain password policy did not apply to local accounts.  The main problem is the minimum password age applys to the local admin accounts on PC's which is causing them to expire.
Question by:hertel-dev
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 14

Expert Comment

ID: 21820726
If you have applied them via a group policy by using computers and local security settings then this is what its designed to do.

You want to apply it in the "Domain Security Policy" under administrative tools.

Author Comment

ID: 21820813
It was created in the Domain Security Policy under administrative tools.

LVL 14

Expert Comment

ID: 21820872
I would in that cse check your policies for the above in case you have a rogue setting in place somewhere .
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 21821193
This is what has been configured on DC:
Administrative Tools > Domain Security Policy
Account Policies > Password Policy
Enforce password history: x passwords remembered
Maximum password age: x days
Minimum password age: x days
Maximum password length: x characters
Password must meet complexity requirements: Enabled

In the Default Domain Policy in the GPMC I can see the settings above under Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.

Obviously the password policy is under Computer Configuration but I have never had it apply to local accounts before.
LVL 14

Expert Comment

ID: 21821278
I would remove it from the default domain policy under computers and see how you get on.

Accepted Solution

hertel-dev earned 0 total points
ID: 22068433
We managed to fix this ourselves by taking the "Enforced" option off the "Default Domain Policy".

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” ( provided 218 attendees with a step-by-step guide for…
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question