Posted

Hey Guys,

I'm a sysadmin currently using default GPOs on the root domain. I created a GPO specifically for password complexity and such, then applied it to a new OU I made, dumped the user/computer in there, and sure enough it's applied via gpresult and rsop.msc. I see it in secpol.msc.

So why can I change my password to 1234?? lol. Minimum is 8 characters and complex.

What would cause this?

I just noticed my XP machine shows it's applied (although not working as mentioned) but my Win7 machine filters it out. I have no WMI filter on it.

Thanks

Posted

Hi,

What does "win7 machine filters it out" mean?

Check that the new policy is the "primary" in that OU, pay attention to LINKED GPO.

Let me know.

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

Filters it out as in looks at it then ignores it. I think I figured it out. Using a Server 2003 functional level domain, it only allows one password policy per domain; this is a second one on a different OU, so it's just ignoring it.

Posted

I think you're right.

Please confirm.


Posted

Sorry, been busy heh. We unchecked all password settings in the default domain policy and dragged the new separate password policy to the root domain. It worked; I know because people are pissed right off that they have to use complex passwords.

It seems to be filtering in slowly; some people (including myself) haven't had to change yet.

Posted

So, as said, you have to put this rule on the PRIMARY policy.

Regarding the delay, it could be an EXPIRE problem. I had the same "issue", because I set up a policy to change users' passwords every 90 days, but not every person had to change it on the same day. I think it depends on when the users were created. Also check the "password never expires".


Posted

Yes I figured, as time elapses more are required to change, it's working itself out.

Posted

That's nice :)

Thanks for sharing results!

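Added example, not part of the thread: a PowerShell check for the situation discussed above, where a password-policy GPO linked to an OU shows as applied but domain accounts still follow the policy linked at the domain root. It assumes the RSAT ActiveDirectory and GroupPolicy modules and a domain controller reachable through AD Web Services; the function name `Test-GpoHasPasswordSettings` is hypothetical, and its XPath assumes the layout of the GPO XML report for account-policy settings.

```powershell
# Added example: requires the RSAT ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory, GroupPolicy

$domain = Get-ADDomain

# 1. The password policy that domain accounts are actually held to.
#    It is read from GPOs linked at the domain root, not from OU-linked GPOs.
Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot |
    Select-Object MinPasswordLength, ComplexityEnabled, MaxPasswordAge, PasswordHistoryCount

# 2. GPOs linked at the domain root, in link order (lowest Order has precedence).
(Get-GPInheritance -Target $domain.DistinguishedName).GpoLinks |
    Sort-Object Order |
    Select-Object Order, DisplayName, Enabled, Enforced

# Returns $true when a GPO defines any password-policy setting.
# Assumption: the XML report lists them as Account elements whose Type is 'Password'.
function Test-GpoHasPasswordSettings {
    param([Parameter(Mandatory = $true)][guid]$GpoId)
    [xml]$report = Get-GPOReport -Guid $GpoId -ReportType Xml
    $xpath = "//*[local-name()='Account'][*[local-name()='Type']='Password']"
    return ($report.SelectNodes($xpath).Count -gt 0)
}

# 3. OU-linked GPOs that carry password settings. These show up in gpresult
#    on computers in the OU but do not change the rules for domain accounts.
$findings = foreach ($ou in (Get-ADOrganizationalUnit -Filter *)) {
    foreach ($link in (Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks) {
        if ($link.Enabled -and (Test-GpoHasPasswordSettings -GpoId $link.GpoId)) {
            [pscustomobject]@{
                OU     = $ou.DistinguishedName
                GPO    = $link.DisplayName
                Effect = 'Local accounts on computers in this OU only'
            }
        }
    }
}
$findings | Format-Table -AutoSize
```

An empty result in step 3 together with the expected values in step 1 means the password settings are defined only where domain accounts will honour them.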
