Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Domain Security not being applied

Status
Not open for further replies.
Monty99

Monty99

IS-IT--Management
Nov 21, 2002
117
GB
Hello,

while reviewing our Domain Security policy, I have changed the account policies on the W2K Domain controller for stronger account policies e.g. longer passwords, 24 remembered passwords etc.

This was applied in the control panel of Domain controller for DOMAIN SECURITY.

When I log in with an account that has a password expired, it doesn't seem to be picking up this modified policy.

I've checked AD etc. as no other Account Policies are set anywhere else.

Surely if it is set at DOMAIN SECURITY ...then it should applly. Any ideas why not in my case? Thanks

Monty99
 
Sort by date Sort by votes
you need to be sure you are changing the right thing here...

"I have changed the account policies on the W2K Domain controller"
Which actual GPO have you changed? Is it the GPO or the local security on the server? Or the Domain Controller GPO?

for it to be effective on the domain, it havs to be a GPO that is linked to the domain and not an OU. eg the default domain policy.

Aftertaf
________
I reserve the right to be wrong, be confused, be suffering because it is monday, or because it is nearly the weekend.
 
Upvote 0 Downvote
Hello,

I logged into the W2K Server. Went to Control Paner. Opened up Admin tools. Opened up DOMAIN SECURITY POLICY, and edited the Account Plocies from there. Did not do it from GPO.

Regards,
Monty99
 
Upvote 0 Downvote
which explains why!

it needs doing in the domain level gpo.


Aftertaf
________
I reserve the right to be wrong, be confused, be suffering because it is monday, or because it is nearly the weekend.
 
Upvote 0 Downvote
Ok....I've gone to the GPO in the Active Directory. Selected the Domain from the tree, adn edited the Default GPO so the Account Policies are set. Properties set for "Apply Policy" for Authenticated USers.

I've rebooted my PC , tried to login under this test account and still it seems to be seeing some old policy settings.
I've set policy for 8 characters, and 24 remember passwords. When I try to change my password is say that it should be 6 characters, and 1 password old......so something amiss somewher.

Tthanks
Monty99
 
Upvote 0 Downvote
run the secedit command on your pc too...
and check the filtering/permissions on your default gpo.

Aftertaf
________
I reserve the right to be wrong, be confused, be suffering because it is monday, or because it is nearly the weekend.
 
Upvote 0 Downvote
OK Thanks

managed to get it working.

As you said:

ran secedit /refreshpolicy machine_policy

Working now. Thanks a lot.

Monty99
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
715
microsGuy16
microsGuy16
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
369
ADB100
ADB100
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
1K
mangentle
mangentle
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
321
on3mansh0w
on3mansh0w

Part and Inventory Search

Sponsor

Back
Top