Domain Password Policy

DELL PowerEdge
September 22, 2006 at 12:39:48
Specs: Windows 2003 Server / Win, Xeon & 4GB

Have put a password policy on ‘Default Domain Policy’ and ‘Pupils Policy’.

Enforce Passwords History = 2
Maximum Password Age = 60
Minimum Password Age = 5
Minimum Password length = 6
Password Must Meet Complexity = Enabled

The problem I have got is the ‘Password Policy(s)’ created do not seem to be applying, to any clients on my network. I can put any type of password in any shape or form.

Oh the ‘Enforce User Logon Restrictions’ under the ‘Kerberos Policy’ is enabled if that makes a difference.

Can anyone help!…


See More: Domain Password Policy

Report •

September 22, 2006 at 15:18:35
Where are you applying the policies?

Password policies for domain accounts can only be controlled by policies applied at the domain level.

"Milk was a bad choice!"

Report •

September 24, 2006 at 23:27:34
'Default Domain Policy’ and ‘Pupils Policy’.

Report •

September 25, 2006 at 19:44:20
Not in which policies. *where* are the policies linked.

"How many squirrels had to die to make you look fly?!"

Report •

Related Solutions

September 25, 2006 at 21:23:22
You have to apply it in default domain controller security policy.

Look into windows 2003 hardening guide in the URL

Report •

September 26, 2006 at 08:22:30
Do I have to link the 'Default Domain Policy' to my 'Pupils OU'.

At the moment there is no link, just a 'Pupils Policy' on the 'Pupils OU'...

Thought 'Default Domain Policy' gets applied automatically...

Report •

September 26, 2006 at 20:00:38
"You have to apply it in default domain controller security policy."

Incorrect. It should be a policy that has precedence over policies linked at the domain level. By default, that is NOT the default domain controller's policy since it is linked to the domain controllers container, not the domain level.

In fact, no editing should be done whatsoever to the default policies in AD. If you want different policies, make a copy of those and edit the copies or a new policy and have it take precedence.

Quite honestly, it surprises me that someone who is publishing info about security didn't know this. I would therefore recommend not consulting the windows 2003 hardening guide in the URL but instead consulting the free hardening guide straight from the horse's mouth - Microsoft.

Please help survivors of Hurricane Katrina!

Report •

September 29, 2006 at 01:15:43
Hello, this is the hardening guide referred by Ernest and Young and not by myself.


Report •

Ask Question