mnbookman
asked on
Password Policy on SBS 2003 R2: Advanced Management
I'm running a small business server 2003.
From the Server Management, I go to Advanced Management -> Group Policy Management -> Domains -> domain.local -> Small Business Server Domain Password Policy.
The current policy sets the Maximum Password Age to 14 days, and the minimum length is 8 characters.
I want 45 days and 15 characters as the minimum. So I right click on the policy, and go to edit. It brings up the Group Policy Object Editor.
I go to Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -. Password Policy.
I edit Maximum password age to 45 days, and put 14 characters as minimum length (It will not let me select 15).
Now, here is the thing: Above the "Small Business Server Domain Password Policy" I have a "Default Domain Policy" that is set to 42 days for max age and 7 characters for minimum length.
There is a conflict here... why is it that when I open these to edit, GPO Editor is opened?
How do I trace these conflicting policies down and get the result that I want?!
From the Server Management, I go to Advanced Management -> Group Policy Management -> Domains -> domain.local -> Small Business Server Domain Password Policy.
The current policy sets the Maximum Password Age to 14 days, and the minimum length is 8 characters.
I want 45 days and 15 characters as the minimum. So I right click on the policy, and go to edit. It brings up the Group Policy Object Editor.
I go to Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -. Password Policy.
I edit Maximum password age to 45 days, and put 14 characters as minimum length (It will not let me select 15).
Now, here is the thing: Above the "Small Business Server Domain Password Policy" I have a "Default Domain Policy" that is set to 42 days for max age and 7 characters for minimum length.
There is a conflict here... why is it that when I open these to edit, GPO Editor is opened?
How do I trace these conflicting policies down and get the result that I want?!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks DrDave242, with your help, I may have this licked... Is there any way to check account statistics for individual users - for example, how many days are left before their password change?
I was completely misunderstanding how policies are laid out. Under Domains ->domain.local, I thought each policy was a SUMMARY, and wasn't understanding that when I right clicked on one and selected 'Edit' that I was only editing THAT policy. I thought each edit was taking me to the same place.
Now I understand there is a hierarchy.
I was completely misunderstanding how policies are laid out. Under Domains ->domain.local, I thought each policy was a SUMMARY, and wasn't understanding that when I right clicked on one and selected 'Edit' that I was only editing THAT policy. I thought each edit was taking me to the same place.
Now I understand there is a hierarchy.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How do I trace policies to see which ones are in effect?