Password policy

R

Richard

We will soon be implementing password policies in our organization.
Password must meet complexity requirements will be enabled. Since this is
the first time ever, will users have to change or be prompted to change
their password once the policy is in place? Or will they be prompted before
their existing password expires. The password age is set at 6 months. Any
comments will be greatly appreciated. Thanks.
 
L

Laura E. Hunter \(MVP\)

Any changes to password complexity requirements will take effect at the next
password change. If your existing passwords are already older than 6
months, they will be prompted to change at the user's next logon by default.

If your clients can all support it, you should disable the LM hash at the
same time that you change your password requirements, since disabling the
hash requires a password change to take effect and is a good security
measure to follow. Mark Minasi's newsletter archive (free registration
required) has a great explanation of how to do this:

http://www.minasi.com/showdoc.asp?docname=nws0304.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Enable Password Policy question 1
Do my account policies really work ? 4
Password Change 2
2003 Group Policy Default Domain Policy 2
Group Policy Not Being Applied?? 11
Problem with password expirations 2
password local policy in domain 2
Password policy not enforced 1

Top