Ok so I read how the password policy works , and as stated it hasnt changed in a long time. except for Fine grained password policy.
But here is my scenerio. How exactly can you check which GPO with the password policy is applying to domain, can I go to adsiedit.msc somehwere and find out?
facts for my environment
I can do a GPresult on my workstation and the password policy is applying for my the workstaiton, is one that is in an OU where teh workstation resides, not at the root of the domain. eg"w7 security GPO"
1. Does the gpresults at the workstation is only displaying the password policy for the local database on the workstation?
When I do a GPresult on the domain controller, its says "not defined" but if I go to gpedit.msc on the DC it has some settings there, strange enough I do not find any gpo that is applied to the domain or domain controllers OU that has those settings. (the settings on teh gpedit.msc are grayed out like when is controlled by a GPO)
Also the Defautl domain policy has been unlinked from the domain. I do see one GPO on the domain level that has a password policy , but is not the highest link order, but it is the highest that has the password policy settign set.
So my question again if I lost you along the way, how exactly can I find out which GPO is providing my password policy?
Thank you.