Password Policy under DC

[moinuddin_sh]

I want to define password policy (lengh, age etc.) under the group policy of a user group. I did it "Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\" but when a user of this group login to domain, this policy has no effect on the user.

[fizban2]

once the user is logged on, run from the command prompt

gpresult

is the GPO that you created listed as being applied? if not run

gpupdate /force

from the command line and log off the machine. double check the GPO is connected to the correct out. if you have not already done so i would suggest downloading the Group Policy Management Console from Microsofts site

[nmX.Memnoch]

If I'm not mistaken you can currently only have one password policy in the domain (this may change with Windows Server 2008). I believe it also has to be specified in the Default Domain Policy (or the Default Domain Controller Policy). Keep in mind that the user accounts are stored on the Domain Controller(s) so applying this setting to any other computers will only apply to local accounts on those computers, not the domain accounts. This is a setting that needs to be enforced on the Domain Controllers since there's where the user accounts are stored.

[nitroshift]

If I'm not mistaken you can currently only have one password policy in the domain [...]

Correct!

[cluberti]

I believe it also has to be specified in the Default Domain Policy (or the Default Domain Controller Policy).

Also correct!