DFL/FFL - Windows 2008
Clients are Windows XP SP3
Windows 2008/R2 DC's
I have successfully implemented a Password Settings Object in a test domain. This is acting and behaving as intended except for one curious issue. During testing, I noticed when changing password either because of expiration or ctrl+alt+del, if you put in a password that does not meet the minimum complexity requirements you receive the standard "The password supplied does not meet the minimum complexity requirements. Please select another password that meets the following criteria: ..." It then displays values for character length, no. of password saved in history, etc. However, these values are from the password restrictions in the Default Domain Policy (DDP), not the settings from the Password Settings Object (PSO).
For instance, the DDP has the value of '2 remembered' for the "Enforce password history" and the PSO has a value of 6 remembered. The Change Password notice shows the DDP value of 2.
So my question is, why? Why doesn't the notice popup display values from the PSO and not values from the DDP. I have tried to unlink the DDP, same problem. I have also disabled "Account Policies/Password Policy" settings in the DDP, same problem.
I have found articles on customizing this notice popup via msgina.dll but, I am unwilling to go that far until it is the only option (seems overkill and an unreasonable solution). I don't want a custom message I want a message display correct values.
Also, I put this in a group policy thread because it's called a policy even though it isn't one. If this is incorrect, MOD please move to appropriate thread.
Any help is greatly appreciated!
Thanks..