Announcement

Collapse
No announcement yet.

gp not working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • gp not working

    [IMG]file:///C:/DOCUME%7E1/mlabara/LOCALS%7E1/Temp/moz-screenshot.jpg[/IMG]I am having a serious issue.

    I have a windows 2k3 r2 server with sp3 and it is my PDC and brighthead server

    I am implemented a GPO that is called the default policy.It has my password expiration policy.

    This policy is separate form the default domain policy.

    My default domain policy is turned off and not enforced but my other default policy is enforced and has other setting configured. (this is the lower gp in my ou-shot) (see attachment) the other settings work and are functioning.

    My issue is that in the default policy has a password policy in it and it is not being applied. The ss.jpg file has a pic of my users and the password policy shows that the password does not expire. The account does not expire chk box is not ticked off. We have not gotten notifications and i am concerened.

    What gives? at one point the users did have account does not expre checked off. what that effect the policy even though i changed it back?


    Any insight is appreciated.
    Attached Files

  • #2
    Re: gp not working

    There can only be one password policy in a domain, and the GPO that defines it must be linked to the domain, not an OU.

    Why do you want to disable the default domain policy?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: gp not working

      That's right, 1 in w2k and w2k3 at the domain level. To implement different password policies multiple domains are required.

      w2k8 introduces the ability to use fine grained password policies for groups and users by assigning PSOs to a group or user.

      Comment


      • #4
        Re: gp not working

        Originally posted by mlabs View Post
        My issue is that in the default policy has a password policy in it and it is not being applied.
        The policy is applied on the client computers in the OU - and therefore will affect all the useraccounts in the local SAM database on each computer. If you want to affect domain users then link the GPO at the domain level (for all kind useraccounts on every machine) or, to the OU of all the DC's in the same domain for just the domain users.

        \Rems
        Last edited by Rems; 13th February 2009, 22:27.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: gp not working

          Originally posted by Virtual View Post
          That's right, 1 in w2k and w2k3 at the domain level. To implement different password policies multiple domains are required.

          w2k8 introduces the ability to use fine grained password policies for groups and users by assigning PSOs to a group or user.
          and therein lies the final death of the domain as a security boundary. It's been a long time coming but it's a step in the right direction IMO - simply because it improves scalability by widening the security boundary to the forest.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment

          Working...
          X