!Newbie! Windows 2000/2003 security question

[Guest Kryten]

Hi,

 

I look after a range of application that run in both Win2000Server and

WK3 Server (SP4+SP1 resp.)

Have done succesfully for a a good few years now and thought that I

knew my way around them quite well.

 

These applications demand that the machine is not in a larger AD. They

need to be standalone or in their

own AD domain.

 

Strange thing; when I look at security settings I see that, for

example, their maximum password age is 42 days and password complexity

is enabled...this shows as both configured and effective

settings...yet I've never had to change a password or use a

particularly complex password.

 

It's like the "effective setting" is not actually being enforced.

 

This is one area that I'm weak in. Could someone give me a shove in

the right direction to help me understand how this could be?

 

Thanks,

K