can’t change local admin pw due to policy…

Home Forums Microsoft Networking and Management Services GPO can’t change local admin pw due to policy…

This topic contains 9 replies, has 4 voices, and was last updated by tehcamel tehcamel 8 years, 10 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • Avatar
    shmengie
    Member
    #152977

    wtf? i’ve never had policy affect the local admin before (believe me, i’ve tried. well, in xp, anyways). this is a brand new install of w7 pro on a 2003 domain.

    is this something new in w7?

    btw, the policy that’s messing with me is the minimum pw age, which is set to 2 days. so, i can just wait until tomorrow to change it. still, i’d like to know what’s going on…

    thx!

    tehcamel
    tehcamel
    Moderator
    #356922

    Re: can’t change local admin pw due to policy…

    so the domain policy is preventing you from changing the local system administrator account because mindays has not been reached ?

    Avatar
    shmengie
    Member
    #247200

    Re: can’t change local admin pw due to policy…

    that is correct.

    Avatar
    v-2nas
    Member
    #338336

    Re: can’t change local admin pw due to policy…

    Hi,

    if you logon to the computer locally instead of domain and then try to change the password. Does it allow you to change it.

    Avatar
    shmengie
    Member
    #247201

    Re: can’t change local admin pw due to policy…

    v-2nas;228955 wrote:
    Hi,

    if you logon to the computer locally instead of domain and then try to change the password. Does it allow you to change it.

    nope, that’s exactly the problem i’m having. it makes no sense…

    Avatar
    v-2nas
    Member
    #338338

    Re: can’t change local admin pw due to policy…

    Hi,

    Can you check if you have any local policy that is affecting it coz once you logon to locally on the machine domain policies won’t even apply.

    Avatar
    Wired
    Moderator
    #273981

    Re: can’t change local admin pw due to policy…

    Please don’t post irrelevant links in your posts.

    Avatar
    shmengie
    Member
    #247202

    Re: can’t change local admin pw due to policy…

    v-2nas;228970 wrote:
    Hi,

    Can you check if you have any local policy that is affecting it coz once you logon to locally on the machine domain policies won’t even apply.

    funny, i didn’t think to check local policy. and, by golly, there it is. it’s still weird, though, because i thought policy only applied to domain users, not local users, especially the admin. or, did i just fail gpo 101?

    Avatar
    v-2nas
    Member
    #338346

    Re: can’t change local admin pw due to policy…

    It’s always a learning exp. There are are local group policy as well.

    Avatar
    shmengie
    Member
    #247203

    Re: can’t change local admin pw due to policy…

    v-2nas;229028 wrote:
    It’s always a learning exp. There are are local group policy as well.

    yes, it is. and yes, there are. but does domain policy write to local policy? and if so, isn’t the local admin exempt?

    for example, changes i make on the dc in gpmc shouldn’t be editable on the client via gpedit, right? i mean, that’s always been my experience. i think the deciding factor is: if the the policy is not configured in gpmc, then you CAN edit it in gpedit. if it is defined in gpmc, then it is locked out of gpedit. am i wrong on this?

    and, regardless of my knowledge – or lack thereof – of policy, i’ve just never seen the local admin get shut down out of anything by domain policy. another example…

    i don’t log in as the local admin on client boxes very often. but, when i do, i get the STUPID STUPID STUPID desktop cleanup wizard. (really, what was ms thinking with that one?) so, i disabled that via policy, pushing it out to all clients. as i’m sure you can guess, that is a domain policy that does not affect the local admin. so, i made that policy change for nothing. that was – and is – on wxp.

    again, it all boils down to: domain policy didn’t affect the local admin in that case (2003/wxp) but does in this case (2003/w7). and that takes me back to my original question: does w7 handle policy different than wxp, when both are under 2003?

    anywho, time for dinner. thx to everyone for walking through this with me!

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.