Solved

Password policy applys to local computer accounts

Posted on 2008-06-19
6
419 Views
Last Modified: 2010-03-17
Could somebody help me out.

We recently implemented a password policy to enforce password history, max age, min age, min length and complexity requirements in the Default Domain Security Settings.  For some reason this is applying to local accounts on computers.  I know that at previous companies I have worked for the domain password policy did not apply to local accounts.  The main problem is the minimum password age applys to the local admin accounts on PC's which is causing them to expire.
0
Comment
Question by:hertel-dev
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:plug1
Comment Utility
If you have applied them via a group policy by using computers and local security settings then this is what its designed to do.

You want to apply it in the "Domain Security Policy" under administrative tools.
0
 

Author Comment

by:hertel-dev
Comment Utility
It was created in the Domain Security Policy under administrative tools.

Thanks
0
 
LVL 14

Expert Comment

by:plug1
Comment Utility
I would in that cse check your policies for the above in case you have a rogue setting in place somewhere .
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:hertel-dev
Comment Utility
This is what has been configured on DC:
Administrative Tools > Domain Security Policy
Account Policies > Password Policy
Enforce password history: x passwords remembered
Maximum password age: x days
Minimum password age: x days
Maximum password length: x characters
Password must meet complexity requirements: Enabled

In the Default Domain Policy in the GPMC I can see the settings above under Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.

Obviously the password policy is under Computer Configuration but I have never had it apply to local accounts before.
0
 
LVL 14

Expert Comment

by:plug1
Comment Utility
I would remove it from the default domain policy under computers and see how you get on.
0
 

Accepted Solution

by:
hertel-dev earned 0 total points
Comment Utility
We managed to fix this ourselves by taking the "Enforced" option off the "Default Domain Policy".
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now