A Lockergnome reader recently e-mailed me about a problem he was having with implementing simple passwords in Windows Server 2003. Of course my first response was to ask: “Why use simple passwords?” As it turned out, it was only in a lab environment. The reader indicated that there was no GPO applied at the OU level but the message that passwords were too simple was still appearing.

Account settings, including password settings, are only effective when they are applied at the domain level. This is one thing that many people often forget and therefore, it is worthy of mentioning yet again. Therefore, in order for this to work, the reader needed to edit the Default Domain Policy or any other policy that had been configured at the domain level.

Since account settings are only effective when applied at the domain level, this also means that you must create multiple domains if you require multiple password policies.