Christoph-
Are you saying that the password policy is still applying
to domain users or to user accounts on the local SAMs of your workstations? If
the latter, when you bring the gpedit.msc on a client, what does the local GPO
show for its password policy and where is it getting its effective policy? You
might also check the application event logs on your clients to see if you're
getting any SCECLI errors, which would indicate a problem processing security
policy. Also, use GPOTool.exe to make sure the Default Domain GPO is
healthy.
Darren
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Puetz, Christoph
Sent: Tuesday, May 25, 2004 7:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Weird AD GPO problem
We're dealing with a
really weird GPO problem. The password policy got changed in the default domain
GPO. This was not supposed to happen and the changes have been reversed due to
problems with some clients and 3rd party
software.
However - even with
forcing replication and forcing gpupdate on the clients, numerous reboots - the
settings still apply to the clients.
Any idea what is
holding on to the wrong GPO settings and how that can be cleared
out?
Windows 2000 AD Domain
- mixed mode.
I also refeshed the policy on the
DCs:
secedit /refreshpolicy machine_policy
/enforce
secedit /refreshpolicy user_policy
/enforce
Christoph
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
