Recently, friends often ask me why I changed the password policies in the domain security policy in the Win2K3 AD environment, but why can't the local security policy change?
First let's understand the implementation of the strategy: Local
Site
Domain
OU, the higher the priority of the last execution, then Local is the first executed
In the setting of the DC setting, the domain security policy will overwrite the local security policy, then everyone knows that there is a policy called the domain controller security policy, what is the domain security policy? The domain controller security policy is upgraded. The domain controller will be generated, then his actual replacement is the local security policy, which is the domain controller security policy, then what is the above question, then follow the steps below:
First enter the domain security policy, after completing the password policy changes in the account policy, enter the local security policy, or by selecting, enter gpedit.msc to enter, and find the policy is not optional .ok! This problem needs to be again Enter the password policy in the account policy in the domain controller security policy, and then you will see that the default is not defined. You need to define whether the password is in line with the complex selection definition, (if you want to define him, choose Enable, if you don't want to Choose to disable .ok! Then change the length of the password, and the definition is complete! So complete the group policy by the following command:
gpupdate
/ Target: Computer
After the group policy is executed! Enter the local security policy to see if you look at it!
