tac*_*cos 2 windows-server-2008 password active-directory group-policy
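OK. I have implemented a password policy. I know from previous posts that it cannot be applied from within an OU, so I configured it in the Default Domain Policy. I ran RSOP.msc from a client computer, and the policy settings show up with the source GPO "Default Domain Policy". So it looks like it is working, but it is not. For example, I have a complexity requirement, yet it accepts the password "a". It also lets me change my password in Windows Security even though "Minimum password age" is set to 89 days. Clearly the policy is not actually being applied!
What should I do?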
RSOP results for XXXX\XXXX on XXXXX-XXXXX: Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: XXXXXX
Domain Type: Windows 2000
Site Name: XXXXXX
Roaming Profile:
Local Profile: C:\Documents and Settings\XXXXX
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=XXXXXXXXX,OU=UserComputers,DC=corp,DC=XXXXX,DC=com
Last time Group Policy was applied: 10/14/2011 at 3:58:40 PM
Group Policy was applied from: tfs.corp.emergingmed.com
Group Policy slow link threshold: 0 kbps
Applied Group Policy Objects
-----------------------------
Published Software
Copy of Base
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
SQLServerMSSQLServerADHelperUser$XXXXX
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
XXXXXXX$
Domain Computers
People
USER SETTINGS
--------------
CN=XXXXXX,OU=Employees,DC=corp,DC=XXXX,DC=com
Last time Group Policy was applied: 10/14/2011 at 3:58:40 PM
Group Policy was applied from: tfs.corp.XXXXX.com
Group Policy slow link threshold: 0 kbps
Applied Group Policy Objects
-----------------------------
Published Software
Startup Scripts
Copy of Base
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
Remote Desktop Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
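Password policy should be applied to the OU of the server where the account database resides. If you are trying to control passwords in Active Directory, that means your policy should be applied to the Domain Controllers OU. If you have blocked inheritance on the Domain Controllers OU, then modifying the Default Domain Policy, which is linked at the root by default, will not do what you want.
By setting the policy at the default domain level, you are probably controlling the password policy of your workstations. By that I mean that local accounts on your workstations now have password requirements. Try creating a local account and setting a password.
This is partly related to the same reason you cannot have multiple password policies in domains before Windows 2008. The policy has to apply to all domain controllers, so there is no way to differentiate between different users/computers.
Even with the fine-grained policies in 2008, you cannot simply use Group Policy; you have to set special attributes in LDAP to target different objects with different password policies.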
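Added example, not part of the original question or answer: RSOP only reports which GPOs a client processed, while the values enforced for domain accounts are stored as raw attributes (minPwdLength, pwdProperties, minPwdAge) on the domain root object, and fine-grained policies (PSOs) are chosen per user by msDS-PasswordSettingsPrecedence. This Python sketch decodes those raw values, reports where they differ from what the GPO shows, and resolves the winning PSO. The function names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

TICKS_PER_DAY = 24 * 60 * 60 * 10**7   # AD stores ages as 100-ns intervals
DOMAIN_PASSWORD_COMPLEX = 0x1           # complexity bit in pwdProperties


def decode_domain_policy(attrs):
    """Turn raw domain-root attribute values (strings) into readable settings."""
    return {
        "min_length": int(attrs["minPwdLength"]),
        "complexity": bool(int(attrs["pwdProperties"]) & DOMAIN_PASSWORD_COMPLEX),
        # Ages are negative tick counts; 0 means no minimum age.
        "min_age_days": abs(int(attrs["minPwdAge"])) // TICKS_PER_DAY,
    }


def drift(expected, actual):
    """Settings where the enforced value differs: {name: (expected, actual)}."""
    return {k: (v, actual[k]) for k, v in expected.items() if actual[k] != v}


@dataclass(frozen=True)
class PSO:
    name: str
    precedence: int   # msDS-PasswordSettingsPrecedence, lower value wins
    guid: str         # objectGUID tie-breaker, compared here as a string


def resultant_pso(user_linked, group_linked):
    """PSOs linked to the user beat group-linked ones; None = domain policy."""
    for candidates in (user_linked, group_linked):
        if candidates:
            return min(candidates, key=lambda p: (p.precedence, p.guid))
    return None


# Constructed sample: the GPO shows complexity and an 89-day minimum age,
# but the domain root object still holds the weaker values.
GPO_SETTINGS = {"complexity": True, "min_age_days": 89}
RAW_DOMAIN_ATTRS = {"minPwdLength": "0", "pwdProperties": "0", "minPwdAge": "0"}

if __name__ == "__main__":
    print(drift(GPO_SETTINGS, decode_domain_policy(RAW_DOMAIN_ATTRS)))
    print(resultant_pso([], [PSO("Admins", 10, "b2"), PSO("Staff", 20, "a1")]))
```

A non-empty result from `drift` means the GPO values never reached the domain object, which matches the symptom in the question: RSOP lists the policy, yet "a" is still accepted.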