Announcement

Collapse
No announcement yet.

GPO not applying

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • mikes1p
    started a topic GPO not applying

    GPO not applying

    I want to set up a Test Accounts AD group to allow a shorter password than the default domain policy but I cannot get it to work.

    Any ideas? Here is what I have done....

    I created a "XYZco_Users_Test" OU, created a "Test Users" AD global group in the new OU, added a handful of test users to the new group. Then I created a "Test Accounts Password Policy" GPO for the new OU and set the password length shorter than the corp standard, scope Security Filtering lists only the Test Users group. Default Domain Policy is not enforced. I also ran gpudate ona DC.

    When I try to set a test users account AD User mgr complains it's too short for the policy

    When I run Group Policy Modeling in GPMC, under the User Config section it shows the Default Domain Policy and Test Accounts policy under Denied GPOs, the reason shown is "empty". I assume this is because the password policy settings are Computer Settings not User

  • themanwhowouldbeking
    replied
    Re: GPO not applying

    Specops Password Policy enables multiple passwords to be in a single domain environment, I suppose for testing purposes you could download the trial from http://www.specopssoft.com/products/...asswordpolicy/

    Leave a comment:


  • Ossian
    replied
    Re: GPO not applying

    Originally posted by kapilsharma11 View Post
    Now in windows 2008 you can apply password policies at OU level also.

    Regards,
    Interesting.... One less reason to create multiple domains.

    Mike,
    I normally use something like "Pa55word" (or the MS favourite of "Pa$$w0rd") when I want an "easy" complex password for test purposes

    Leave a comment:


  • mikes1p
    replied
    Re: GPO not applying

    Thanks for the heads up everybody. Now it makes sense.

    The reason I wanted shorter passwords is we are revising security policies in our ERP app for SOX compliance, need to have 20 or so temporary test accounts so we aren't messing with production accounts. The names were to be short and easy, e.g. test5, we wanted the password to match the test account name for simplicity, but that's just not going to happen so we will have longer passwords.

    Thanks everyone that replied
    Mike S

    Originally posted by Ossian View Post
    Passwords (and some other security policies) are only applied at Domain and Local level, not at site or OU level.

    Your OU password policy will be ignored, only the domain level password policy will be applied.

    Your solutions are:
    2 domains, one per password policy
    or
    Something complex with multiple domain level password policies and GPO filtering based on group membership

    Why do you need multiple password policies?

    Leave a comment:


  • kapilsharma11
    replied
    Re: GPO not applying

    Now in windows 2008 you can apply password policies at OU level also.

    Regards,

    Leave a comment:


  • Ossian
    replied
    Re: GPO not applying

    Passwords (and some other security policies) are only applied at Domain and Local level, not at site or OU level.

    Your OU password policy will be ignored, only the domain level password policy will be applied.

    Your solutions are:
    2 domains, one per password policy
    or
    Something complex with multiple domain level password policies and GPO filtering based on group membership

    Why do you need multiple password policies?

    Leave a comment:


  • rendom
    replied
    Re: GPO not applying

    I think you needn't deploy GPO. U can deploy in Domain Security Policy,all user in your domain will accept with policy of you!
    Domain controller security policy can't fix password!
    Last edited by rendom; 12th January 2008, 07:06.

    Leave a comment:

Working...
X