NT AUTHORITY\SYSTEM Modified Default Domain Policy
Question
All replies
-
Hi,
How many DC do you have in your Domain?
Modify Password Group Policy settings in one DC and check GPO status in another DC, make sure modifications can be replicated successfully.
> we noticed the password and account lockout policy settings were reverted back to the original values we
> had set for years.Do you mean revert to system default values or your defined values?
Run below command and check the result:
At the command prompt, type below commend, and then press ENTER
secedit /refreshpolicy user_policy /enforce
At the command prompt, type below commend, and then press ENTER
secedit /refreshpolicy machine_policy /enforce
For more information please refer to following MS articles:
Using SECEDIT to Force a Group Policy Refresh Immediately
http://support.microsoft.com/kb/227302
Lawrence
TechNet Community Support
- Marked as answer by Lawrence,Moderator Monday, June 4, 2012 1:11 AM
- Unmarked as answer by MsBrowning Thursday, June 21, 2012 7:31 PM
-
Similar this has happened to me as well... The values also appear to have reverted back.
Alan Burchill (MVP)
http://www.grouppolicy.biz
@alanburchill -
Drum roll... The answer is, if someone changed the local secuirty policy setting on a local DC (e.g. net command to change the password account lockout). Then this change will be pushed into the default domain GPO so that the password policy is then consistent for the entire domain.
Moral of the story is, dont try to modify the local security policy on any domain controllers, as this could trigger it to be pushed out to the entire domain.
Hope it helps.
Alan Burchill (MVP)
http://www.grouppolicy.biz
@alanburchill- Proposed as answer by Alan Burchill Monday, May 30, 2016 11:25 PM
