Minimum Password Age

[MS]

My company wants to turn password aging on and set it to
60 days. The problem is that the majority of user
passwords are over 60 days old and if we turned the
minimum password age policy back on agan then all these
people will be locked out.

We want to ensure that users are staggered when being
forced to reset their passwords.

What would be the most efficient way to do this?

MS

PS: The minimum password age policy was originally set to
60 but was disabled during the migration to another domain.

 

[Tom Ausburne]

This information comes from the Technet site:
Microsoft Solution for Securing Windows 2000 Server

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/sec
urity/prodtech/windows/secwin2k/default.asp

Because the password policy can only be set at the domain level,
there may be business or legal requirements that segment some users
into a separate domain simply to enforce the use of a stricter
password policy on that group.

From this it appears that the only way to have seperate password
policies is to have multiple domains.

There is one workaround. You could manually force the users to
change their password at the next logon. You can do this for groups
of users until you have done them all and then put the policy in
place.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.