Solved

Password policies on SBS 2008

Posted on 2014-11-24
6
474 Views
Last Modified: 2014-11-25
Hi Experts,

We encounter a strange issue on a SBS 2008 server. The password policy settings are all configured to disable the complexity, expiration or history. We can create a new user in dsa.msc or SBS control panel on the server but it is impossible on the client computers. An error about complexity or history appears, even if we set a complex password.
We tried to activate the complexity, it was successfully applied on the client computer (checked in gpedit.msc), but the result is the same...

We absolutely need to be able to create new local users on the client computers to install a software successfully.

Any idea ?
0
Comment
Question by:jet-info
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:hsclater
ID: 40462576
If you set a password policy correctly, it will apply to your computers and you will be able to set it however you want. I suspect you are not applying the policy correctly. The setting is a computer setting, so either apply in the default domain policy (or better, create a new policy at the same level at the root of the domain), or apply a policy to an OU containing your computers. It will do nothing to users accounts.

As you can see the password policy is a computer configuration:
Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy
0
 

Author Comment

by:jet-info
ID: 40463894
Edit:
I tried on another computer and it works normally. The problem is only on one specific computer.
On this computer when I launch gpedit.msc I receive this error:

Resource '$(string.VerMgmtAuditModeEnable)' referenced in attribute displayName could not be found. File C:\windows\PolicyDefinitions\inetres.admx, line 1495, column 249

I installed the .msi from here (http://www.microsoft.com/en-us/download/details.aspx?id=6243) in C:\Windows with no amelioration.

Is there any registry key to edit to fix this problem?

Any idea?

Thanks.
0
 
LVL 4

Accepted Solution

by:
hsclater earned 500 total points
ID: 40464723
Hi there

So let me confirm, you have an SBS 2008 server, you can use ADUC on there or the SBS console with no issues, and have set a password policy to disable the complexity, expiration or history. This policy is applied to all of your PCs apart from one with no issues. So it seems to be local PC issue.

NB: it is not a good idea to disable all these password requirements, you are significantly reducing your security by doing this. I would seriously challenge this requirement.

Some questions:
- What version of Windows 7 is on the PC?
- Is it joined to the domain?
- Why do you need to create local user accounts? Most applications should work fine with a domain user account. The application would certainly have no place in an Enterprise if it required so much manual management. Confirm this with the vendor and again challenge them.

Regardless, you should not have the gpedit.msc error. inetres.admx is for Internet Explorer policies, run the following at an admin cmd prompt:

sfc /scannow

Then review the log, if there is anything wrong with your ADMX files it should fix it.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jet-info
ID: 40464739
OK, the problem was because of HP protect tools installed on the computer... Thank you HP !

I installed all HP related products and it finally worked like a charm.
0
 

Author Closing Comment

by:jet-info
ID: 40464741
Thanks for your help and your time !
0
 
LVL 4

Expert Comment

by:hsclater
ID: 40464957
Yes HP Protect Tools is horrible. All of the HP crapware is awful, and takes time to remove.

I always blow away the OEM image and reinstall using a clean image with the latest updates integrated. See mydigitallife for tools to do that yourself.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question