Ask the Expert

Password security in Group Policy for Windows networks

I am using Windows Server 2003 Enterprise Edition. I created one domain,, and then configured Group Policy for a domain and domain controller that requires a complex password of at least seven characters. After that, I created one OU (organizational unit) in my domain called ACC. For the ACC OU, I don't need a complex password, so in Group Policy, I disabled complex password and set the minimum character length to zero and set block policy inheritance. When I created a user in the ACC OU, it still required a complex password. I don't understand what's going wrong.
This Group Policy complex password problem is due to the fact that in Group Policy, in Windows networks, password security policies are only assigned at the domain level. You can expand the policy at the OU and go through all of the motions, but Active Directory will not actually apply the changes. In fact, having differing password policies is one of the few reasons for creating additional domains.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: