Password expiry warning GPO
-
dimanche 18 mars 2012 22:10
We have a GPO that defines the password expiry warning as being the default 14 days. We changed this to 10 days, however it's not working as we still get prompted 14 days ahead.
Any idea how I can find out why this happening?
Toutes les réponses
-
dimanche 18 mars 2012 22:20
Just some further info:
- I ran group policy modelling and group policy results, it shows that the GPO is applying to my username / pc with the correct setting of 10 days
- I also checked the registry key on my pc and I can see it's also set to 10 days.
-
lundi 19 mars 2012 02:30
Is this the default Domain Policy? If not, this is where the settings should be applied so that they are universal to all no matter what other GPO's are below.
Also, how long did you wait before trying the new settings? You could try running from the CMD prompt the following command to force the current GPO to be applied to a particular server/pc:
gpupdate /force
-
lundi 19 mars 2012 02:41
Thanks for the reply.
It's not the default domain policy, it's a separate GPO that contains other user specific logon settings as well.
This has been for a few weeks.
-
mardi 20 mars 2012 10:01
Hello,
have you checked with RSOP.MSC that the settings are applied when logging on to a COMPUTER in the OU where the settings are configured?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
mardi 20 mars 2012 13:46Modérateur
Hi,
I would like to confirm that if this password GPO is linked on domain level?
The password policies settings in Group Policy are all applied at domain level only. Otherwise, you need to use Fine-Grained password policies.
For more information, please refer to the following Microsoft TechNet articles:
Domain Level Account Policies
http://technet.microsoft.com/en-us/library/cc748850(v=WS.10).aspxAD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspxFor more troubleshooting information, please also refer to the following Microsoft TechNet article:
Troubleshooting Group Policy Problems
http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspxRegards,
Arthur Li
TechNet Community Support
- Marqué comme réponse RhodanNZ mercredi 21 mars 2012 02:27
-
mardi 20 mars 2012 22:31
I checked this, and yes it shows it set at 10 days which is correct, however we still getting prompted at 14 days.Hello,
have you checked with RSOP.MSC that the settings are applied when logging on to a COMPUTER in the OU where the settings are configured?
-
mardi 20 mars 2012 22:32
Hi,
I would like to confirm that if this password GPO is linked on domain level?
The password policies settings in Group Policy are all applied at domain level only. Otherwise, you need to use Fine-Grained password policies.
For more information, please refer to the following Microsoft TechNet articles:
Domain Level Account Policies
http://technet.microsoft.com/en-us/library/cc748850(v=WS.10).aspxAD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspxFor more troubleshooting information, please also refer to the following Microsoft TechNet article:
Troubleshooting Group Policy Problems
http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspxRegards,
Arthur Li
TechNet Community Support
Hi,
No these are apply at an OU level. So you are saying this will not work unless it's applied at the domain level?
-
mercredi 21 mars 2012 00:40
Correct, password policies must be applied to at the domain level. Before fine-grained password policies, this was one of the few reasons for having more than one domain, when organizations insisted on different password policies for different users. Password policies applied on an OU have on affect.
Richard Mueller - MVP Directory Services
.png)
