Q

Problems setting up password policies with Windows 2000 Professional

I have one Windows 2000 test server with one Windows 2000 Pro Workstation, all with current updates SP4 etc. The problem I'm having is setting password policies from the OU. I have one OU "IS" with one GPO, "ISGPO" and they won't run. I can only get the password polices to work from within the default domain GPO. My computer object and user objects are under my OU and I have no override checks on any GPO's. I only have one GPO -- "IS" -- so it's not like I am troubleshooting several GPO's. Also, all of the other policies from within my "ISGPO" work just fine.
Windows domain can only have one password policy. If you implement a password policy from an OU, it will only affect the local accounts on the computers in that OU, not the domain accounts. So, for example: Fred has a domain account FredP; he has a local account on his computer, FP. The domain password policy is a 12character password. The local computer password policy is a 20character password. When Fred logs onto the domain as FredP, he can use a 12 character password. But when he logs on to his computer as FP, he must use a 20 character password. This is just the way it is. The password policy for the domain is set in the default domain GPO, and only that one will work for the users using domain accounts.
This was first published in November 2003

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close