Domain Password Policy

[JBailey]

Hello,

The only password policy we currently enforce in our 1 domain is a minimum
length of 6 characters. We want to implement a password policy requiring the
following:

Enforce password history - 3 passwords
Maximum password age - 90 days
Minimum password age - 15 days
Minimum password length - 8 characters
Password complexity - Enabled

We currently have numerous damain service accounts that do NOT meet the
above settings. I have edited all of these user accounts and selected
'Password Never Expires', but I am worried about enabling password
complexity. Will this setting only affect the service accounts when we go to
change their passwords, or will it prompt for a password change the next
time a service attemtps to use one of the accounts.

Hopefully this is clear enough. If more detail is needed please let me know.

Thanks,
JBailey

 

[Steven L Umbach]

My understanding and experience with user accounts is that the change for
complexity will apply only to newly created passwords whether a new account,
password change, or reset password. If for some reason you ever need to back
out of complex passwords, be sure to set it to disabled instead of
undefined. Also you could test your proposed changes out on a non domain
test machine configuring Local Security Policy to see what the results are
on local accounts. --- Steve

 

[Richard McCall [MSFT]]

Password complexity requirements are only checked during a password change

 

[JBailey]

Thats what I needed to know. Thanks for the quick response!

JBailey