B
Brian
Hello,
We've been having a problem here lately with password
expirations. The machines having problems are Windows 2000
clients; the domain is served by Windows 2003 Servers. The
default domain policy specifies:
Enforce password history: 7 passwords remembered
Maximum password age: 30 days
Minimum password age: 1 days
Minimum password length: 9 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled
There are no other domain policies in place and so all the
users are affected by the above default policy.
The problem is, sometimes, users are prompted at incorrect
times that their password will soon expire and that they
should change it. For one user, they changed their
password last week, yet since that time they have been
prompted 3 or 4 times when they log in that their password
will soon expire and do they wish to change it. I had the
user run a query to check their pwdLastSet and compute
when the password should expire to make sure the settings
are being distributed properly and the query returned the
expected results (password must be changed in ~3 weeks,
was changed last week, etc.)
I understand from some research that we might see problems
like this if the client was running XP as it logs the user
in while still applying the domain policy in the
background (or something to the like.) My research seemed
to indicate that this was a new feature to XP however and
should not be causing this problem on 2000. Has anyone
ever seen a problem like this with a 2000 client?
Any suggestions would be highly appreciated, thank you.
We've been having a problem here lately with password
expirations. The machines having problems are Windows 2000
clients; the domain is served by Windows 2003 Servers. The
default domain policy specifies:
Enforce password history: 7 passwords remembered
Maximum password age: 30 days
Minimum password age: 1 days
Minimum password length: 9 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled
There are no other domain policies in place and so all the
users are affected by the above default policy.
The problem is, sometimes, users are prompted at incorrect
times that their password will soon expire and that they
should change it. For one user, they changed their
password last week, yet since that time they have been
prompted 3 or 4 times when they log in that their password
will soon expire and do they wish to change it. I had the
user run a query to check their pwdLastSet and compute
when the password should expire to make sure the settings
are being distributed properly and the query returned the
expected results (password must be changed in ~3 weeks,
was changed last week, etc.)
I understand from some research that we might see problems
like this if the client was running XP as it logs the user
in while still applying the domain policy in the
background (or something to the like.) My research seemed
to indicate that this was a new feature to XP however and
should not be causing this problem on 2000. Has anyone
ever seen a problem like this with a 2000 client?
Any suggestions would be highly appreciated, thank you.