• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

danblee.com

Tutorials & Knowledge Base Articles for System Administrators who wear many, many hats.

  • Home
  • About
  • Ask Me
  • DBLHost.com

Password Policies such as Maximum Password Age are not being set by GPO

June 1, 2017 by Dan B. Lee 1 Comment

This issue applies to Server 2003 schemas. Remember, your schema may be lower than your domain controller server version.

So you’re working through some policy issues and you find that your computer isn’t picking up the proper password policy that you’ve applied, even though your machine is definitely part of the OU where the GPO is linked. You do an RSOP and see that the resultant policy is not applied and can’t figure out why some things like password age or complexity are not being changed on the machine.

Solution:

You’re going to need to apply all Kerberos, Password Settings, and Domain Security at the Domain level of the OUs in Active Directory. Reason being is that a long while back in the 2003 days there would be major conflicts if some machines had these settings different from one another if they were applied to different OUs. Nowadays this is no big deal, but if your schema is 2003, you’ll want to link your “General Password Settings” policy (or whatever you call it) to the domain instead of the OUs underneath the domain.

Do this, force an update to group policy, log off, then back on, and let me know if it finally changes for you.

Cheers

Filed Under: Active Directory, Group Policy, Security, Windows Server 2003, Windows Server 2008 R2, Windows Server 2012 Tagged With: Active Directory, GPO, Group Policy, Schema, Security, Server 2003

Primary Sidebar

Categories

  • Active Directory
    • Group Policy
  • Adobe Photoshop
  • Browsers
    • Chrome
  • Cloud Based Technology
    • Citrix XenApp
  • ConnectWise
    • LabTech
  • Dell
  • Internet Service Providers (ISPs)
  • iPhone
  • Linux
    • CentOS
    • OpenVPN
    • SaltStack
    • Ubuntu
  • Microsoft Office
    • Lync
    • Microsoft Excel
    • Microsoft Outlook
    • Microsoft Word
  • Microsoft Windows
    • Active Directory
    • PowerShell
    • Windows 7
    • Windows 8 Preview & Release
  • Networks
  • News
  • Off Topic
  • Office 365
  • Peripherals
    • Monitors
  • Printers
    • Local Printers
    • Network Printers
  • Programming
    • Python
  • Riverbed
  • Security
  • Sharepoint
  • Social Media
  • Splunk
  • Storage
  • Switching & Routing
    • Cisco
    • Fortinet
  • Technology Culture
    • Opinion
  • Uncategorized
  • Virtualization
    • VEEAM
    • VMware
  • WAMP
  • Web Hosting
    • WHMCS
  • Website Design
  • Windows Server
    • Exchange 2003
    • Exchange 2010
    • Exchange 2013
    • Microsoft SQL
    • Windows Server 2003
    • Windows Server 2008 R2
    • Windows Server 2012
  • WordPress

Footer

Recent Activity

  • pings on Xerox Phaser 3635MFP Default Admin Username and Password
  • Xerox Phaser 3635MFP Default Admin Username and Password — danblee.com on About Dan B. Lee
  • Estudio Login | LOGINEGG on Toshiba E-Studio Default Administrator Username and Password
  • Estudio Login | LOGINSPENT on Toshiba E-Studio Default Administrator Username and Password
  • Estudio Login | CHARTLOGIN on Toshiba E-Studio Default Administrator Username and Password

Dan Lee

Dan B. Lee works at SyApps, LLC., a Managed Hosting Solutions Firm, as a Senior Network Engineer. Dan has a decade of IT experience and specializes in a number of different disciplines including Virtualization, Web Site Hosting and Design, Network Security, Data Center Architecture, Local and Remote Server Hosting, and Backup & DRS Solutions. Read More…

Links

  • Home
  • About Dan B. Lee
  • Ask Me
  • Privacy Policy

Copyright © 2021 · Genesis Child Theme on Genesis Framework · WordPress · Log in