Forum Discussion
Windows Server 2012 R2 GPM>windows setting> security setting >Account Policy missing
KrisC5 You should create the PolicyDefinitions folder inside the Policies folder, which would be c:\windows\sysvol\domainname\policies\policydefinitions. (The other paths should be the same content-wise ) Inside the policydefinitions folder, you copy all the admx files and the en-us folders (And other languages if needed) containing the adml files. This should look something like this : (Both from domain and local path, same folder)
If you reopen the Group Policy editor and edit the policy, you should see the Account Policies folder inside the GPO.
Yes thats the path i mentioned, they are in the policies folder, but still it is not creating a central store. i have the downloaded Policy definitions with all the language and ADMl/ADMX files still in that folder
- Jan 10, 2023
Windows 2012 R2 server? Could you try using the Group Policy editor from a workstation? Did you log off and log in again? The central store is the PolicyDefinitions folder. You don't have to do anything else.
- KrisC5Jan 10, 2023Copper Contributori am on a workstation and loging off and in again didnt do anything. Ive been dealing with this since the middle of december, and heard the same thing you mentioned.
I questioned if it was cause ours uses the path\\serverhostname\sysvol\domain instead of, \\Domainname\sysvol\domain which is how ive seen it. But the \\serverhostname shouldnt be the issue from what i learned.
Im not sure why it has all the setting and recognizes the variable like attempts, age, complexity, but account policies is still missing- Jan 10, 2023
I'm sorry, I didn't read it correctly. Although it's a good idea to have the central store in your Policies folder... You can only set the Password Policy setting at the Domain Level 🙂 --> https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-policies
Each domain can have only one account policy. The account policy must be defined in the default domain policy or in a new policy that is linked to the root of the domain and given precedence over the default domain policy, which is enforced by the domain controllers in the domain
And you are editing that one... This is strange?! Is the GptTmp.inf missing? Do you see the file in this location?Should contain something like this:
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
[Version]
signature="$CHICAGO$"
Revision=1