Options
password complexity
ladiesman217
Member Posts: 416
I'm doing an exercise creating user accounts and I want to turn off password complexity requirements but the option to enable and disable are grayed out. Any ideas?
No Sacrifice, No Victory.
Comments
-
Options
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Where are you looking and what user are you logged in as? -
Optionsladiesman217
Member Posts: 416
Where are you looking and what user are you logged in as?
I'm login as administrator on server 2003. I'm in group policy - windows settings - account policies. I'm doing this exercise before when I was prepping for 270 and I've never encountered this problem.No Sacrifice, No Victory. -
Options
Claymoore
Member Posts: 1,637
Are you selecting 'Define this policy' before your try to Enable or Disable? You can't select either until you choose to define the policy. -
Options
Graham_84
Member Posts: 85 ■■□□□□□□□□
If your not on a domain, this can be altering on local security policy (gpedit.msc) or if you are on a domain, then this must be set as a domain policy, Options in group policy dont get greyed out. You either enable/disable/no configured. You must be a domain admin to link gpo's and amdend existing ones at domain level.Currently having a break after the MCITP:EA. Citrix or Cisco next, not sure! -
Optionsladiesman217
Member Posts: 416
I can define password complexity requirements under GPO in active directory...but can't do it in gpedit.msc. Does gpedit.msc affects only the local security? What's the difference of running gpedit and GPO in active directory?No Sacrifice, No Victory.
-
Options
amart83
Member Posts: 30 ■■□□□□□□□□
Yes, gpedit.msc only opens up the "Local Security Policy" for that computer.ladiesman217 wrote: »I can define password complexity requirements under GPO in active directory...but can't do it in gpedit.msc. Does gpedit.msc affects only the local security? What's the difference of running gpedit and GPO in active directory?
Your domain computers get their "Account Policies" applied at a higher level; the Domain level. That's why it is grayed out.
Policies are processed in this order:
Local
Site
Domain
Organizational Unit (OU)
Go to Active Directory Users and Computers > Right click the domain > Properties > Group Policy > click Default Domain Policy > Edit.
From there, go Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.Career path: Working on upgrading to MCSA2K3 then MSCE2K3 > CCENT > CCNA -
Optionsladiesman217
Member Posts: 416
Yes, gpedit.msc only opens up the "Local Security Policy" for that computer.
Your domain computers get their "Account Policies" applied at a higher level; the Domain level. That's why it is grayed out.
Policies are processed in this order:
Local
Site
Domain
Organizational Unit (OU)
Go to Active Directory Users and Computers > Right click the domain > Properties > Group Policy > click Default Domain Policy > Edit.
From there, go Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policies.
thanks amart83... got it! I'm playing with group policy using a dc, so when I define a GPO under active directory does it apply as well to the DC? Now I'm confuse how do I implement policy in the DC itself when the options running gpedit is greyed out. thanks in advance.No Sacrifice, No Victory.
