Avatar of mightyquinn889
mightyquinn889
 asked on

Password Policy GPO being denied because it's "blank"

Hello Expert,

I have a WIndows Server 2003 DC,  I created a new GPO to enforce our Password Policy.

I applied it to a test OU and it doesn't work. When I run the RSOP it say's the User Configuraion is denied because it's blank.

Now I understand a User Config needs to be applied to users, and computer config needs to be applied to computers.

Problem is the Password Policy settings are in the Computer Config, so how do you apply them to users in OU's?  Or can you only create a Password Policy in the Default Domain Policy?

Thanks in advance
Active DirectoryWindows Server 2003

Avatar of undefined
Last Comment
mightyquinn889

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Mike Kline

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Sandesh Dubey

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
mightyquinn889

ASKER
Thanks Mike,

So I don't want to apply the password policy to the entire domain at one time, so I guess I can create a new domain policy for passwords and block inherentance on the OU's I don't want it to apply to?

Does that sound like a good strategy?
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mike Kline

unfortunately no in 2003 that password policy will apply to all (can't block it).   In 2008 and above there is fine grained passwords that can help (Microsoft introduced that feature based on all this exact demand/request)

There are third party tools like specops that can also help in a 2003 environment.

Thanks

Mike
mightyquinn889

ASKER
yes I've used the 3rd party Password Policy Enforcer software  http://anixis.com/products/ppe/

and it works great but here we don't have any money budgeted for this...so I guess I'll just have to deploy to the entire domain..
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
mightyquinn889

ASKER
Just wanted to update this..there is a workaround..

if you check "Password never expires" on there user account it will override the Domain Password Policy until you uncheck it..