Changes are not applied when you change the password policy (269236)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q269236 SYMPTOMS When you change the password policy, the changes are not
applied as expected. CAUSE This issue can occur in either of the following scenarios:
- The Block Policy Inheritance option is
enabled on the Domain Controllers organizational unit.
- The password policy is not set in the Default Domain
policy.
RESOLUTION To resolve this issue, disable the Block Policy
Inheritance option on the Domain Controllers organizational unit:
- Start the Active Directory Users and Computers
snap-in.
- Right-click the Domain Controllers organizational unit,
click Properties, and then click to clear the Block Policy
Inheritance check box.
- On the domain controllers, run the following command:
secedit /refreshpolicy machine_policy /enforce
If this issue occurs because you did not set password policy in
the Default Domain policy, set all password policies in the Default Domain
policy. STATUS This behavior is
by design.MORE INFORMATION In Windows 2000, password policies are read-only at the
domain level. The policy must be applied to the domain controllers for the
policy to be applied. If you initiate a password change for a domain password
from anywhere in the domain, the change actually occurs on a domain controller.
Modification Type: | Minor | Last Reviewed: | 1/20/2006 |
---|
Keywords: | kbprb kbui KB269236 kbAudITPRO |
---|
|