I thought I would share this to see if there were any other similar
situations someone had come across.
I have been applying a security template to XP machines using the
secedit.exe cmdline tool. I noticed that the Maxpassword age would not
apply, defaulting to 42 days (setup security settings), the log would
report an error
'Secedit Error 87: The parameter is incorrect.'
the relevant part of the security template...
; 1.2 - Maximum password age (Apply at the domain level)
MaximumPasswordAge = -1
; 1.3 - Minimum password age (Apply at the domain level)
MinimumPasswordAge = 0
(Before you mention it, I know that settings the password expiration to
never expire is a security problem, however these are standalone
machines that utilise a separate password system to the std windows one)
After about half an hour of googling for the answer, on a hunch I tried
this change
; 1.2 - Maximum password age (Apply at the domain level)
MaximumPasswordAge = -1
; 1.3 - Minimum password age (Apply at the domain level)
; MinimumPasswordAge = 0
lo and behold commenting out the min password fixed the problem, it
would seem that defining any minimum password age when max is -1 would
result in the same circumstance
Are there other 'dependant' settings in the security templates/group policy?
--
Michael Chinn
User Support Officer - Information Technology
Great Barrier Reef Marine Park Authority
PO Box 1379
TOWNSVILLE, QLD 4810
========================================================================
========
If you have received this transmission in error please notify us immediately
by return email and delete all copies. Any unauthorised use, disclosure or
distribution of this email is prohibited.
========================================================================
========
situations someone had come across.
I have been applying a security template to XP machines using the
secedit.exe cmdline tool. I noticed that the Maxpassword age would not
apply, defaulting to 42 days (setup security settings), the log would
report an error
'Secedit Error 87: The parameter is incorrect.'
the relevant part of the security template...
; 1.2 - Maximum password age (Apply at the domain level)
MaximumPasswordAge = -1
; 1.3 - Minimum password age (Apply at the domain level)
MinimumPasswordAge = 0
(Before you mention it, I know that settings the password expiration to
never expire is a security problem, however these are standalone
machines that utilise a separate password system to the std windows one)
After about half an hour of googling for the answer, on a hunch I tried
this change
; 1.2 - Maximum password age (Apply at the domain level)
MaximumPasswordAge = -1
; 1.3 - Minimum password age (Apply at the domain level)
; MinimumPasswordAge = 0
lo and behold commenting out the min password fixed the problem, it
would seem that defining any minimum password age when max is -1 would
result in the same circumstance
Are there other 'dependant' settings in the security templates/group policy?
--
Michael Chinn
User Support Officer - Information Technology
Great Barrier Reef Marine Park Authority
PO Box 1379
TOWNSVILLE, QLD 4810
Ph 07 47500874 Fax 07 4772 6093
michaelc (at) gbrmpa.gov (dot) au [email concealed]
========================================================================
========
If you have received this transmission in error please notify us immediately
by return email and delete all copies. Any unauthorised use, disclosure or
distribution of this email is prohibited.
========================================================================
========
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]