SDTech92037
asked on
Password Policies grayed out so I can't change them Server 2008 r2
I am setting up win sever 2008 r2 as a domain controller, now the default password setting is to change the pw at 42 days. I need to change this, but when i go to local secuirty policy console, open the account policies and then the Password Polisy, then the maximum password age the dialog box is greyed out.
How do i get past this?
How do i get past this?
I believe you need to alter it on your SBS box. It is a domain policy you (or whoever) setup in first place which will be enforced to all machines in your domain.
If you changed the password policy it will affect all users. However you can give exemptions in your case so e.g. you may exempt Administrator from the policy.
Also in 2008 I think you can have different password policy applied to OUs (rather than in 2003 only one password policy allowed).
If you changed the password policy it will affect all users. However you can give exemptions in your case so e.g. you may exempt Administrator from the policy.
Also in 2008 I think you can have different password policy applied to OUs (rather than in 2003 only one password policy allowed).
ASKER
Krzysztof, I could not find the place in gpedit to change the password expiration policy, could you give me a tip? to find it please.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I get there, but the box to enter the chage is greyed out.
Please run on this machine RSoP.msc and go to that node and check if you see any policy name. If so, it means that it is inherited from the domain and it's locked to edit at this level.
Krzysztof
Krzysztof
ASKER
I opened "active directory users and computers" right clicked on the domain, selected properties and the attribute editor tab, scrolled down to maxPwdAge and clicked edit. changed it here. Thanks to comment by isiek "If it is a domain member server, then that policy will be overwritten by Default Domain Policy at the domain level, because policies are applied in this order: LSDOU
L -> local ; S -> site ; D -> domain ; OU -> organizational unit and sub OU" gave me the direction to go in.
Thank you Isiek!
L -> local ; S -> site ; D -> domain ; OU -> organizational unit and sub OU" gave me the direction to go in.
Thank you Isiek!
You're welcome :]
ASKER
I opened "active directory users and computers" right clicked on the domain, selected properties and the attribute editor tab, scrolled down to maxPwdAge and clicked edit. changed it here. Thanks to comment by isiek "If it is a domain member server, then that policy will be overwritten by Default Domain Policy at the domain level, because policies are applied in this order: LSDOU
L -> local ; S -> site ; D -> domain ; OU -> organizational unit and sub OU" gave me the direction to go in.
Thank you Isiek
L -> local ; S -> site ; D -> domain ; OU -> organizational unit and sub OU" gave me the direction to go in.
Thank you Isiek
Hi,
In Windows Server 2012 R2 your are unable to change the default password must meet the complexity using gpedit.msc.
But there is solution for that.
1. Run--> gpmc.msc--->expand the <forest name>---> expand the Domains and expand<Domain name>---> right click on default domain policy ---> Edit.
2. In the group policy editor window---> expand the Computer configuration---> expand the policies--->windows settings ---> security settings----> account policy---> double click on password policy----> double click on password must meet the complexity requirements and here you can able to check the enable and disable radio buttons.
So your issue should be resolved....
All the best............
Vikram Kumar.
In Windows Server 2012 R2 your are unable to change the default password must meet the complexity using gpedit.msc.
But there is solution for that.
1. Run--> gpmc.msc--->expand the <forest name>---> expand the Domains and expand<Domain name>---> right click on default domain policy ---> Edit.
2. In the group policy editor window---> expand the Computer configuration---> expand the policies--->windows settings ---> security settings----> account policy---> double click on password policy----> double click on password must meet the complexity requirements and here you can able to check the enable and disable radio buttons.
So your issue should be resolved....
All the best............
Vikram Kumar.
Hi,
you can edit all policy setting like above comment using gpmc.msc.
All the best.....
Vikram Kumar.
you can edit all policy setting like above comment using gpmc.msc.
All the best.....
Vikram Kumar.
If you want to be able to modify local policies you need higher permissions for that :)
Regards,
Krzysztof