password complexity

ladiesman217ladiesman217 Member Posts: 416
in Server 70-290
I'm doing an exercise creating user accounts and I want to turn off password complexity requirements but the option to enable and disable are grayed out. Any ideas?
No Sacrifice, No Victory.
· Share on FacebookShare on Twitter

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Where are you looking and what user are you logged in as?
    · Share on FacebookShare on Twitter
  • ladiesman217ladiesman217 Member Posts: 416
    dynamik wrote: »
    Where are you looking and what user are you logged in as?

    I'm login as administrator on server 2003. I'm in group policy - windows settings - account policies. I'm doing this exercise before when I was prepping for 270 and I've never encountered this problem.
    No Sacrifice, No Victory.
    · Share on FacebookShare on Twitter
  • ClaymooreClaymoore Member Posts: 1,637
    Are you selecting 'Define this policy' before your try to Enable or Disable? You can't select either until you choose to define the policy.
    Clay Moore's Blog
    · Share on FacebookShare on Twitter
  • Graham_84Graham_84 Member Posts: 85 ■■□□□□□□□□
    If your not on a domain, this can be altering on local security policy (gpedit.msc) or if you are on a domain, then this must be set as a domain policy, Options in group policy dont get greyed out. You either enable/disable/no configured. You must be a domain admin to link gpo's and amdend existing ones at domain level.
    Currently having a break after the MCITP:EA. Citrix or Cisco next, not sure!
    · Share on FacebookShare on Twitter
  • ladiesman217ladiesman217 Member Posts: 416
    I can define password complexity requirements under GPO in active directory...but can't do it in gpedit.msc. Does gpedit.msc affects only the local security? What's the difference of running gpedit and GPO in active directory?
    No Sacrifice, No Victory.
    · Share on FacebookShare on Twitter
  • amart83amart83 Member Posts: 30 ■■□□□□□□□□
    ladiesman217 wrote: »
    I can define password complexity requirements under GPO in active directory...but can't do it in gpedit.msc. Does gpedit.msc affects only the local security? What's the difference of running gpedit and GPO in active directory?
    Yes, gpedit.msc only opens up the "Local Security Policy" for that computer.

    Your domain computers get their "Account Policies" applied at a higher level; the Domain level. That's why it is grayed out.

    Policies are processed in this order:
    Local
    Site
    Domain
    Organizational Unit (OU)

    Go to Active Directory Users and Computers > Right click the domain > Properties > Group Policy > click Default Domain Policy > Edit.

    From there, go Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.
    Career path: Working on upgrading to MCSA2K3 then MSCE2K3 > CCENT > CCNA
    · Share on FacebookShare on Twitter
  • ladiesman217ladiesman217 Member Posts: 416
    amart83 wrote: »
    Yes, gpedit.msc only opens up the "Local Security Policy" for that computer.

    Your domain computers get their "Account Policies" applied at a higher level; the Domain level. That's why it is grayed out.

    Policies are processed in this order:
    Local
    Site
    Domain
    Organizational Unit (OU)

    Go to Active Directory Users and Computers > Right click the domain > Properties > Group Policy > click Default Domain Policy > Edit.

    From there, go Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.

    thanks amart83... got it! I'm playing with group policy using a dc, so when I define a GPO under active directory does it apply as well to the DC? Now I'm confuse how do I implement policy in the DC itself when the options running gpedit is greyed out. thanks in advance.
    No Sacrifice, No Victory.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.