LOL :P. Where would I set local password policy via GPO? If i go to the server and try to edit the local security policy all the options are grayed out.
I have had a normal laptop do it and that's how I sorted it out coz it keeps using the password that was saved on it, on a server might need a different approach like the one IgnaceQ came up with.
Has anyone seen this before? I'm sure its something to do with security, but I've been through everything I can think of and i cant find it. To continue this discussion, please ask a new question. Get answers from your peers along with millions of IT pros who visit Spiceworks.
Hi, We have just installed and added a server R2 server to out domain, just as a member server as both a file server and as an FTP server.
Does anyone know where the server is picking these settings up from and how to disable the policy just for this machine not the whole domain Thanks, Mick. Best Answer. IgnaceQ This person is a verified professional. Verify your account to enable IT peers to see that you are a professional.
I checked my documentation and i found 2 entry's. For example, if a group is about to be assigned the SuperComplexity policy and another policy, the policy with the lowest msDS-PasswordSettingsPrecedence value will apply. We will use True in this example.
We will use 12 for this example. In this example we would like to allow immediate change of password if needed, so we will set this setting to none. For the msDS-MaximumPasswordAge , enter the amount of time that the password will stay valid before expiring. For the msDS-LockoutThreshold set the number of times a password is entered wrong before the account gets locked-out in active directory.
Be careful, as setting this value to a low value may result to an account lockout storm. We will use 10 tries in this example. Keep in mind that any existing users with wrongly cached passwords will lockout really quickly. In this example we will set this amount to 30 minutes, , and then click Next. For the msDS-LockoutDuration sets the duration that an account should be locked out in case of exceeding wrong password retrials.
We will set this to the same duration as the previous setting. Click Next and Finish, the wizard should successfully close if all parameters are entered correctly. We now have a PSO created and ready. We now need to apply this PSO to a certain amount of users or groups. Now you may add individual users or groups to the specific PSO.
In this example, we have created a Global Security group FinancialDirectors and added a few users as members. If the value field stays unconfigured, scroll down to the Considerations section.
Windows Client. Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Archived Forums. Group Policy.
0コメント