none
Password expiry warning GPO

    Question

  • We have a GPO that defines the password expiry warning as being the default 14 days. We changed this to 10 days, however it's not working as we still get prompted 14 days ahead.

    Any idea how I can find out why this happening?

    dimanche 18 mars 2012 22:10

Réponses

Toutes les réponses

  • Just some further info:

    • I ran group policy modelling and group policy results, it shows that the GPO is applying to my username / pc with the correct setting of 10 days
    • I also checked the registry key on my pc and I can see it's also set to 10 days.

    dimanche 18 mars 2012 22:20
  • Is this the default Domain Policy?  If not, this is where the settings should be applied so that they are universal to all no matter what other GPO's are below.

    Also, how long did you wait before trying the new settings? You could try running from the CMD prompt the following command to force the current GPO to be applied to a particular server/pc:

    gpupdate /force 

    lundi 19 mars 2012 02:30
  • Thanks for the reply.

    It's not the default domain policy, it's a separate GPO that contains other user specific logon settings as well.

    This has been for a few weeks.

    lundi 19 mars 2012 02:41
  • Hello,

    have you checked with RSOP.MSC that the settings are applied when logging on to a COMPUTER in the OU where the settings are configured?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    mardi 20 mars 2012 10:01
  • Hi,

    I would like to confirm that if this password GPO is linked on domain level?

    The password policies settings in Group Policy are all applied at domain level only. Otherwise, you need to use Fine-Grained password policies.

    For more information, please refer to the following Microsoft TechNet articles:

    Domain Level Account Policies
    http://technet.microsoft.com/en-us/library/cc748850(v=WS.10).aspx

    AD DS: Fine-Grained Password Policies
    http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx

    For more troubleshooting information, please also refer to the following Microsoft TechNet article:

    Troubleshooting Group Policy Problems
    http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx

    Regards,


    Arthur Li

    TechNet Community Support

    • Marqué comme réponse RhodanNZ mercredi 21 mars 2012 02:27
    mardi 20 mars 2012 13:46
    Modérateur
  • Hello,

    have you checked with RSOP.MSC that the settings are applied when logging on to a COMPUTER in the OU where the settings are configured?


    I checked this, and yes it shows it set at 10 days which is correct, however we still getting prompted at 14 days.
    mardi 20 mars 2012 22:31
  • Hi,

    I would like to confirm that if this password GPO is linked on domain level?

    The password policies settings in Group Policy are all applied at domain level only. Otherwise, you need to use Fine-Grained password policies.

    For more information, please refer to the following Microsoft TechNet articles:

    Domain Level Account Policies
    http://technet.microsoft.com/en-us/library/cc748850(v=WS.10).aspx

    AD DS: Fine-Grained Password Policies
    http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx

    For more troubleshooting information, please also refer to the following Microsoft TechNet article:

    Troubleshooting Group Policy Problems
    http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx

    Regards,


    Arthur Li

    TechNet Community Support

    Hi,

    No these are apply at an OU level. So you are saying this will not work unless it's applied at the domain level?

    mardi 20 mars 2012 22:32
  • Correct, password policies must be applied to at the domain level. Before fine-grained password policies, this was one of the few reasons for having more than one domain, when organizations insisted on different password policies for different users. Password policies applied on an OU have on affect.


    Richard Mueller - MVP Directory Services

    mercredi 21 mars 2012 00:40