Announcement

Collapse
No announcement yet.

Local Password Policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Local Password Policy

    I want to change local password policy of a Win XP Pro machine which is a member of domain.

    but every option is disabled & it shows values different from Domain Password Policy

    Domain policy is
    Max. Password Age 15 days
    Min. Password Age 1 Days

    But on local policy
    Max. Password Age is 30 Days
    Min. Password Age is 0 days

    I want to change local policy to comply with domain policy

    How can I accomplish this ?

    Are there any Registry settings for this?
    Please Help
    Thanks
    Last edited by entadm; 2nd March 2007, 09:09.
    Cheers!!
    MCSE 2003,MCSA- Messaging 2003, VCP

  • #2
    Re: Local Password Policy

    Local policy is greyed out and showing defaults BECAUSE domain policy IS applied.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Local Password Policy

      To follow up on Toms correct answer, it isn't possible to have a different password policy other than the default domain policy. As Tom says you should find the default domain policy IS being applied and as such any local accounts on that machine will need their passwords to comply with the default domain policy.

      Hope that makes sense
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Local Password Policy

        As they said, and just for the record the policy applies this way
        LOCAL, SITE, DOMAIN, OU.

        BUT, password policy can only be set at DOMAIN level,
        hence, you CAN'T override that with local policy.

        the DOMAIN policy applies, thats why it is disabled.


        Retaliator.
        Thanks & Regards

        Retaliator

        MCSA/MCSE/CCNA
        Computer Science Graduate

        Comment


        • #5
          Re: Local Password Policy

          Actually guys, you CAN have different password policies on the local computers!

          But lets make sure we distinguish between a Domain account and Local account.

          You can only have one password policy for your domain and that applies to domain accounts. But you could take the time to specify a different password policy for local computer accounts. Keep in mind that group policy processing is still in effect, therefore if you have the Password Policy configure in a GPO (usually the Default Domain Policy) then all the computers would inherit that policy.

          To configure a different password policy for the local computer, create and link a new GPO or you could block inheritance or use filtering and then configure it locally on each computer.

          Check out this link for a detailed explanation http://forums.petri.com/showthread.php?t=8158
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: Local Password Policy

            So without me having to read to much with my bad eyes. If you have a Complex Password Policy set for the Domain, then that Domain Complex Policy also applies to the Local password (even though the password is different)?
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: Local Password Policy

              Originally posted by biggles77 View Post
              So without me having to read to much with my bad eyes. If you have a Complex Password Policy set for the Domain, then that Domain Complex Policy also applies to the Local password
              Yes. But to change it all you have to do it configure the password policy "closer to" the computer object in AD (you know: OU, Domain, Site, Local)
              (even though the password is different)?
              I not sure what you mean by this comment?...
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: Local Password Policy

                Domain password = rumpleStilt$kin1
                Local PC Password = adminlocal

                If the Domain Complex Password is set and it applies to the to the local PC, then is this case the Local PC password does not mean the Complex requirements.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment


                • #9
                  Re: Local Password Policy

                  Originally posted by biggles77
                  If you have a Complex Password Policy set for the Domain, then that Domain Complex Policy also applies to the Local password (even though the password is different)?
                  Same with local users as with domainusers, old passwords from before the new password policy are still accepted for logon. The policy take effect when you want to change the password.

                  \Rem
                  Last edited by Rems; 4th March 2007, 20:48.

                  This posting is provided "AS IS" with no warranties, and confers no rights.

                  __________________

                  ** Remember to give credit where credit's due **
                  and leave Reputation Points for meaningful posts

                  Comment


                  • #10
                    Re: Local Password Policy

                    Ok so let me get this clear. Jeremey you are suggesting it is possible to have multipe password policies in a domain set at OU level using blocking of inheritance?
                    Server 2000 MCP
                    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment


                    • #11
                      Re: Local Password Policy

                      Originally posted by tonyyeb View Post
                      Ok so let me get this clear. Jeremey you are suggesting it is possible to have multipe password policies in a domain set at OU level using blocking of inheritance?
                      No, it is not possible to set multiple password policies for domain accounts within the same domain. There is only one useraccount database for the whole domain, a exact copy is kept on all the dc's.
                      But... Yes, you can block inheritance for some computers. And that will affect the password policy on local accounts on these computers (because the local useraccount databases (with local accounts only), can function as independent accountdatabases).

                      \Rem

                      EDIT: forgot to type not
                      Last edited by Rems; 5th March 2007, 11:34.

                      This posting is provided "AS IS" with no warranties, and confers no rights.

                      __________________

                      ** Remember to give credit where credit's due **
                      and leave Reputation Points for meaningful posts

                      Comment


                      • #12
                        Re: Local Password Policy

                        Right ok.

                        I thought the password policy was for all accounts held in the domain including the local accounts on member servers and workstations. Its all clear now.
                        Server 2000 MCP
                        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                        Comment


                        • #13
                          Re: Local Password Policy

                          Rems beat me to it.

                          But I'll just reiterate what I said earlier.
                          Originally posted by JeremyW View Post
                          But lets make sure we distinguish between a Domain account and Local account.

                          You can only have one password policy for your domain and that applies to domain accounts. But you could take the time to specify a different password policy for local computer accounts.
                          Regards,
                          Jeremy

                          Network Consultant/Engineer
                          Baltimore - Washington area and beyond
                          www.gma-cpa.com

                          Comment

                          Working...
                          X