Disable "Maximum Password Age"

G

Guest

Hi!

We have a new 2003 domain controller on one of our schools. After users
started to contact us about not wanting to change passwords we disabled the
Maximum and Minimum Password Age on the Default Domain Policy and hoped it
would stop the message "Your password will expire in x days" but they still
get this message when they try to log in.

How can i stop this message.
 
M

Mark Renoden [MSFT]

Hi

The policy won't apply until the user changes their password and then it's
valid from that point on.

Disabling this is not recommended. Passwords are important. You should
have a read of the following document and then educate your users so that
they no longer see passwords as an inconvenience:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Hi!

Thanks. Sorry about the very late reply.

It seems the users still get the message "Your password will expire in X
days" over and over again and i have checked the policy and it is not
enabled. Why is this?


Mark Renoden said:
Hi

The policy won't apply until the user changes their password and then it's
valid from that point on.

Disabling this is not recommended. Passwords are important. You should
have a read of the following document and then educate your users so that
they no longer see passwords as an inconvenience:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.


Jarno said:
Hi!

We have a new 2003 domain controller on one of our schools. After users
started to contact us about not wanting to change passwords we disabled
the
Maximum and Minimum Password Age on the Default Domain Policy and hoped it
would stop the message "Your password will expire in x days" but they
still
get this message when they try to log in.

How can i stop this message.
Click to expand...
Click to expand...
 
G

Guest

Hi!

I could really need some help with this because it is causing much trouble.

This is a child domain where we have disabled this setting in the GPO. Do we
need to disable it in the root to get rid of it?

// Jarno

Jarno said:
Hi!

Thanks. Sorry about the very late reply.

It seems the users still get the message "Your password will expire in X
days" over and over again and i have checked the policy and it is not
enabled. Why is this?


Mark Renoden said:
Hi

The policy won't apply until the user changes their password and then it's
valid from that point on.

Disabling this is not recommended. Passwords are important. You should
have a read of the following document and then educate your users so that
they no longer see passwords as an inconvenience:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.


Jarno said:
Hi!

We have a new 2003 domain controller on one of our schools. After users
started to contact us about not wanting to change passwords we disabled
the
Maximum and Minimum Password Age on the Default Domain Policy and hoped it
would stop the message "Your password will expire in x days" but they
still
get this message when they try to log in.

How can i stop this message.
Click to expand...
Click to expand...
Click to expand...
 
P

Paul Bergson

I'm not sure where in the loop this question lies but password policies
impact domain users only when the policy is applied at the default domain
policy in each domain with in a forest. A gpo applied in an ou or site will
only impact the local machines.

I would highly recommend against not forcing password change. Any changes
made on this policy won;t take effect until the next time a user changes
their password.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



Jarno said:
Hi!

I could really need some help with this because it is causing much trouble.

This is a child domain where we have disabled this setting in the GPO. Do we
need to disable it in the root to get rid of it?

// Jarno

Jarno said:
Hi!

Thanks. Sorry about the very late reply.

It seems the users still get the message "Your password will expire in X
days" over and over again and i have checked the policy and it is not
enabled. Why is this?


Mark Renoden said:
Hi

The policy won't apply until the user changes their password and then it's
valid from that point on.

Disabling this is not recommended. Passwords are important. You should
have a read of the following document and then educate your users so that
they no longer see passwords as an inconvenience:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.


Hi!

We have a new 2003 domain controller on one of our schools. After users
started to contact us about not wanting to change passwords we disabled
the
Maximum and Minimum Password Age on the Default Domain Policy and hoped it
would stop the message "Your password will expire in x days" but they
still
get this message when they try to log in.

How can i stop this message.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

We have disabled it on the default domain policy in the child domain but
still they have to change it. I guess we could change it on the root domain
to see if that helps? But is there not any other settings that has to be
disabled in order to disable "Maximum and Minimum Password Age" like "Enforce
password history"

Yes i know it is not a good idea to disable the forcing of the password
change and if i was the boss i would not allow it but i dont have anything to
say about it.

// Jarno

"Paul Bergson" skrev:
I'm not sure where in the loop this question lies but password policies
impact domain users only when the policy is applied at the default domain
policy in each domain with in a forest. A gpo applied in an ou or site will
only impact the local machines.

I would highly recommend against not forcing password change. Any changes
made on this policy won;t take effect until the next time a user changes
their password.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



Jarno said:
Hi!

I could really need some help with this because it is causing much trouble.

This is a child domain where we have disabled this setting in the GPO. Do we
need to disable it in the root to get rid of it?

// Jarno

Jarno said:
Hi!

Thanks. Sorry about the very late reply.

It seems the users still get the message "Your password will expire in X
days" over and over again and i have checked the policy and it is not
enabled. Why is this?


:

Hi

The policy won't apply until the user changes their password and then it's
valid from that point on.

Disabling this is not recommended. Passwords are important. You should
have a read of the following document and then educate your users so that
they no longer see passwords as an inconvenience:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.


Hi!

We have a new 2003 domain controller on one of our schools. After users
started to contact us about not wanting to change passwords we disabled
the
Maximum and Minimum Password Age on the Default Domain Policy and hoped it
would stop the message "Your password will expire in x days" but they
still
get this message when they try to log in.

How can i stop this message.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

New Password Policy to implement 2
Details on "Maximum machine account password age" are needed 5
Password on 2003 server AD. 1
Password Policy Reset to the old setting, Why? 8
Password policy 2
strong passwords 8
Account Policies 3
Maximum password age - Need Proof 11

Top