Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clients Ignoring GPO (password complexity/length)

Status
Not open for further replies.
mikrowiz

mikrowiz

MIS
Aug 22, 2001
10
US
I am trying to implement the complex password policy and character length for passwords, but my clients are ignoring them and I can't for the life of me figure out why. RSOP returns all the proper results on a client. It shows the proper GPO settings, yet a user can set a password as stupid as "dog" even though RSOP shows Password Complexity is Enabled. For all intensive purposes it appears that the security settings in the Default Domain Policy are getting applied, just not adhered to. Junk from the User settings seems to be getting applied just fine, just not the Computer settings. I even tried resetting the Default Domain Policy dcgpofix /target:Domain with no joy :( Anyone?
 
Sort by date Sort by votes
Where are you setting the password policy? The password policy can only be set at the domain level, and only in the Default Domain Policy.

Grammar Nazi:

For all intensive purposes...
Click to expand...

For all intents and purposes :)

/Grammar Nazi
 
Upvote 0 Downvote
Yes. I know. That is where I'm setting it, and it appears to be working according to RSOP when it is run on one of the clients as it shows the complexity and length (8 characters) are enabled. Even though the resultant policy shows that though, I can still set a 3 character all lowercase password. It's quite irritating. Almost as irritating as someone correcting an oft misused cliche when there are bigger problems to be solved :)
 
Upvote 0 Downvote
Have you refreshed policy on the domain controllers. They're the only machines that really matter when it comes to setting passwords.
 
Upvote 0 Downvote
You mean with a gpupdate /force? If so, I did try that but it didn't change anything. I can't find anything on either the DC's or the clients that shows why this shouldn't be working properly.
 
Upvote 0 Downvote
Found it. Block Inheritance was turned on on the domain controller OU for some reason. Even though clients showed the right policy, the DCs weren't getting the policy, and therefore not enforcing it, because it was blocked to them.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
442
technome
technome
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
343
RRankin355
RRankin355
Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
302
strongm
strongm
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
329
on3mansh0w
on3mansh0w
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
311
tacohunter
tacohunter

Part and Inventory Search

Sponsor

Back
Top