Domain Password Policy

P

PJB

I want to change our domain password policy. Only problem is I've hear
that if I change the policy to require complex passwords and I chang
the minimum password length that users will not be able to acces
resources until they change their password and they will get locked ou
until their password is changed.

Is this information true?

If it is true how in the world am I supposed to change the securit
policy without creating major problems


-
PJ
 
D

Danny Sanders

The change will take effect when the existing password expires.

Example:

No password policy in effect.
You put a policy in effect that requires complex passwords, minimum password
length, and change passwords every 60 days.

User 1 logs in with a password they have been using for 30 days. That
password will be good for another 30 days then they will be required to
change their password and it must meet your requirements.

User 2 logs in with a password they have been using for 90 days. They are
immediately prompted that their password is expired and they must change it
to meet your requirements.

hth
DDS W 2k MVP MCSE
 
S

Steven L Umbach

The policy change will apply to only new passwords either for a new account or a
change/reset. Also keep in mind that user accounts that are flagged with password
never expires will be immune from any maximum password age settings. Another problem
is that if you do set a maximum password age, that affected accounts that have a
passwords older than the new policy will immediately expire. --- Steve
 
A

Andrew Mitchell

Danny Sanders said:
The change will take effect when the existing password expires.

Example:

No password policy in effect.
You put a policy in effect that requires complex passwords, minimum
password length, and change passwords every 60 days.

User 1 logs in with a password they have been using for 30 days. That
password will be good for another 30 days then they will be required
to change their password and it must meet your requirements.

User 2 logs in with a password they have been using for 90 days. They
are immediately prompted that their password is expired and they must
change it to meet your requirements.
Click to expand...

The only exception to this is if you are using Metaframe and the clients
connect via NFuse. In this case they will not even be able to login to
change their password. A domain admin (or delegated user) will need to
reset their password for them (just make sure you tick the box that says
User Must Reset Password At Next Logon.)

Regards
Andy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

domain security policy 6
Account policy (password) 3
Password Policy 1
Domain Security Policy password policy 3
Domain Password Policy 3
Password policy 5
Password Policy 1
Password Policy in Win2k Domain 3

Top