Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hello,
We've been having a problem here lately with password
expirations. The machines having problems are Windows 2000
clients; the domain is served by Windows 2003 Servers. The
default domain policy specifies:
Enforce password history: 7 passwords remembered
Maximum password age: 30 days
Minimum password age: 1 days
Minimum password length: 9 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled
Interactive logon: Prompt user to change password before
expiration: 4 days
There are no other domain policies in place and so all the
users are affected by the above default policy.
The problem is, sometimes, users are prompted at incorrect
times that their password will soon expire and that they
should change it. For one user, they changed their
password last week, yet since that time they have been
prompted 3 or 4 times when they log in that their password
will soon expire and do they wish to change it. I had the
user run a query to check their pwdLastSet and compute
when the password should expire to make sure the settings
are being distributed properly and the query returned the
expected results (password must be changed in ~3 weeks,
was changed last week, etc.)
Has anyone ever seen a problem like this with a 2000
client? Any suggestions on how to debug this? I'm not
seeing any relevant errors/warnings in either the DCs'
logs or the client's. We have this problem intermittently
with a few users but not everyone. It isn't causing any
big problems, just a constant annoyance for those few. I'm
really not sure if it is a problem with the policy being
applied incorrectly or what. Posting here as I already
posted in general with no response and this is related to
GPs..
Any suggestions would be highly appreciated, thank you.
Hello,
We've been having a problem here lately with password
expirations. The machines having problems are Windows 2000
clients; the domain is served by Windows 2003 Servers. The
default domain policy specifies:
Enforce password history: 7 passwords remembered
Maximum password age: 30 days
Minimum password age: 1 days
Minimum password length: 9 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled
Interactive logon: Prompt user to change password before
expiration: 4 days
There are no other domain policies in place and so all the
users are affected by the above default policy.
The problem is, sometimes, users are prompted at incorrect
times that their password will soon expire and that they
should change it. For one user, they changed their
password last week, yet since that time they have been
prompted 3 or 4 times when they log in that their password
will soon expire and do they wish to change it. I had the
user run a query to check their pwdLastSet and compute
when the password should expire to make sure the settings
are being distributed properly and the query returned the
expected results (password must be changed in ~3 weeks,
was changed last week, etc.)
Has anyone ever seen a problem like this with a 2000
client? Any suggestions on how to debug this? I'm not
seeing any relevant errors/warnings in either the DCs'
logs or the client's. We have this problem intermittently
with a few users but not everyone. It isn't causing any
big problems, just a constant annoyance for those few. I'm
really not sure if it is a problem with the policy being
applied incorrectly or what. Posting here as I already
posted in general with no response and this is related to
GPs..
Any suggestions would be highly appreciated, thank you.