Thursday, January 27, 2011

Windows Server 2008 R2 Security Policies Appear to be Locked

Running GPEDIT.msc: Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy

I am unable to change any of these policies as they appear to be locked (the icons have a little padlock against them and when I open properties all the options are greyed out)

For what it's worth I'm trying to reduce the password history value.

I'm logged in as admin on the domain controller for the network.

I've googled but can't find anything that fits, anyone got any ideas?

From serverfault Marko Carter

  • Have you tried the Group Policy Management Client?

    From: http://technet.microsoft.com/en-us/library/dd367853%28WS.10%29.aspx

    RSAT enables IT administrators to remotely manage roles and features in Windows Server 2008 R2 from a computer that is running Windows 7. RSAT includes support for the remote management of computers that are running either a Server Core installation or the full installation option of Windows Server 2008 R2. The functionality RSAT provides is similar to Windows Server 2003 Administration Tools Pack.

    Installing RSAT does not automatically install the GPMC. To install the GPMC after you install RSAT, click Programs in Control Panel, click Turn Windows features on or off, expand Remote Server Administration Tools, expand Feature Administration Tools, and select the Feature Administration Tools and Group Policy Management Tools check boxes.

    Marko Carter : I don't need to remotely manage anything - I'm sat in front of the DC with AD and Group Policy installed...
    Grizly : So no then.. GPEdit won't work on domain machines.. you could drop it from the domain, or use GPMC.. in 2003, there was also be a "Group Policy" tab on the Domain's properties in ADUC.. however, even it prompted you to "Upgrade" to GPMC.
    From Grizly

  • The problem is that you're trying to manage a domain controller using the Group Policy editor to edit the local group policy settings, which isn't going to work. You need to use the GPMC to edit the default domain policy that is linked to your domain. The lock icon is a clue that the policy settings you are looking at are being set via domain policy, not local policy.

    From joeqwerty
Posted by Mu Cat at 6:56 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)