Reguarding the precedence of Default Domain Policy
UncleCid
Member Posts: 66 ■■□□□□□□□□
Hello, and greetings. ^^
My question pertains to a problem with the precedence that default domain policy is taking over a second policy established @ the domain level.
I have created a policy named "PwdPol1" and moved the link to this GPO above that of the the Default Domain Policy. Within this GPO, "PwdPol1", I have changed the minimum password length to 14 and the account lockout threshold to 3.
The user in question is within a UO that is in the domain root applied and has blocked inheritance. The user has also been created prior to the above applied policy.
If i have left out some important tech info, please let me know.
The problem is that the user "Lab8User1" with an UO named "Marketing," with the domain in question, will not be locked out after 3 failed attempts. Strangely, when creating a new account, the minimum password length works and informs me to make the password length appriopriately.
I have used Resultant Set of Policy, to find that the Default Domain Policy is taking precedence in this problem, but RSoP also says that DDP is taking precendence with the minimum password length too(which is having no issues).
Again if i missed anything let me know.. But if i'm correct since the link to GPO "PwdPol1" is above the default domain policy, it should take precedence. Reguardless, the Lab Manual is indicating that this is how it should be working aswell.
I know that it is probably something i did, but I can't seem to find the problem and RSoP indicates that the DDP has precedence.
For those that are taking 70-294, this is Lab 8 (8-1). The pages in the Lab Manual are pg. 101-103. Thank you for reading, sorry for the long post. I wanted to be thorough, so that it would be easier to answer my questions.
BTW I'm using Virtual Server.
My question pertains to a problem with the precedence that default domain policy is taking over a second policy established @ the domain level.
I have created a policy named "PwdPol1" and moved the link to this GPO above that of the the Default Domain Policy. Within this GPO, "PwdPol1", I have changed the minimum password length to 14 and the account lockout threshold to 3.
The user in question is within a UO that is in the domain root applied and has blocked inheritance. The user has also been created prior to the above applied policy.
If i have left out some important tech info, please let me know.
The problem is that the user "Lab8User1" with an UO named "Marketing," with the domain in question, will not be locked out after 3 failed attempts. Strangely, when creating a new account, the minimum password length works and informs me to make the password length appriopriately.
I have used Resultant Set of Policy, to find that the Default Domain Policy is taking precedence in this problem, but RSoP also says that DDP is taking precendence with the minimum password length too(which is having no issues).
Again if i missed anything let me know.. But if i'm correct since the link to GPO "PwdPol1" is above the default domain policy, it should take precedence. Reguardless, the Lab Manual is indicating that this is how it should be working aswell.
I know that it is probably something i did, but I can't seem to find the problem and RSoP indicates that the DDP has precedence.
For those that are taking 70-294, this is Lab 8 (8-1). The pages in the Lab Manual are pg. 101-103. Thank you for reading, sorry for the long post. I wanted to be thorough, so that it would be easier to answer my questions.
BTW I'm using Virtual Server.
Comments
-
UncleCid Member Posts: 66 ■■□□□□□□□□I feel pretty embarassed, but i have resolved the issue. The no override was still up on the default domain policy from the previous lab. I had missed undoing this doing the post lab cleanup. I appologize to anyone who read and/or was trying to help.
-
mr2nut Member Posts: 269UncleCid wrote:I feel pretty embarassed, but i have resolved the issue. The no override was still up on the default domain policy from the previous lab. I had missed undoing this doing the post lab cleanup. I appologize to anyone who read and/or was trying to help.
lol It's ok, i've done something similar. It's all part of the learning process and it feels great to find things out yourself, even if it is a little stoopid -
UncleCid Member Posts: 66 ■■□□□□□□□□Thank you. I know this is getting off topic, but I was hoping on using these forums as a resource and for keeping myself active, during down time. I find it hard to stay on que if i am not actively involved in conversation with like minded people. /facepalm
-
mr2nut Member Posts: 269UncleCid wrote:Thank you. I know this is getting off topic, but I was hoping on using these forums as a resource and for keeping myself active, during down time. I find it hard to stay on que if i am not actively involved in conversation with like minded people. /facepalm
I use them for this too, not just the certifications. There's some really knowledgeable people on here going through the same stuff as we do so it's good to keep your mind active asking questions. -
dynamik Banned Posts: 12,312 ■■■■■■■■■□Don't beat yourself up over it. I bet that'll be the first thing you check when you have similar problems in the future. It's all part of gaining experience. When I was learning Javascript, I spent more time than I'd like to admit trying to figure out where I made an error when all I did was write fuction instead of function. Any time that happened after that, it was remedied in seconds!