We have a single DC and are trying to enforce Password Policies to all of our computers. We're trying to change it from the default 42 day max password age to 120 or so. The policy appears to be set on our computers, however it's not actually working. Our users end up changing their password every 30 days or so, no matter what GPO says. We only have one GPO that is setting the password policies.
When I do a net user username on a user that had to change their password today it shows they shouldn't have to change it again until 4/8/15 and said 3/something last month when they had to change their password.
Any ideas as to why the 120 day password expiration is not working?
Enforce password history 6 passwords remembered
Maximum password age 120 days
Minimum password age 1 days
Minimum password length 7 characters
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled
Account Lockout Policy:
Account lockout duration 5 minutes
Account lockout threshold 20 invalid logon attempts
Reset account lockout counter after 5 minutes