what happens to service account passwords if you change complexity?

Z

Ziek

If I enable "complex" passwords on my domain, will that affect my service
account passwords which already have the "password never expires" option?
We currently do not enforce complex passwords, but if we do decide to, we
are wondering if our service account passwords will then suddenly fail?
 
S

Steven L Umbach

It will only mandate that all future passwords must be complex - changes, resets, new
accounts. Those all ready in use will be fine but when changed, if ever, will need to
be complex. --- Steve
 
C

Curtis Clay III [MSFT]

Hello Ziek,
You may want to be aware that enabling complex passwords on users who never
had complex passwords may present a problem. Enabling this policy means
that the password filter setting will not allow simple passwords. My
reason for this statement is, if a user is now forced to change his
password to a complex password the policy will give an error when they
enter the new and old password stating that the password does not meet
complexity requirements. The error will be in reference to the old
password. You have to SET complex passwords for your users before you can
enable the complex password policy.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
V

Veronica Loell

Curtis Clay III [MSFT] wrote / skrev:
Hello Ziek,
You may want to be aware that enabling complex passwords on users who never
had complex passwords may present a problem. Enabling this policy means
that the password filter setting will not allow simple passwords. My
reason for this statement is, if a user is now forced to change his
password to a complex password the policy will give an error when they
enter the new and old password stating that the password does not meet
complexity requirements. The error will be in reference to the old
password. You have to SET complex passwords for your users before you can
enable the complex password policy.
Click to expand...

A non-technical thing to consider if implementing this sort of thing is
also information to the users about how to easily construct passwords
such as for example "the moon is a yellow cheese"-method and the
specific requirements of the complexity. It might also be a good idea to
explain _why_ it is important with passwords that are not easily
cracked. Apologies if this was selfevident, I know this was not the
question, but often the "human engineering" part gets forgotten.

- Veronica Loell
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Password Policy 3
Enforce Password Complexity 2
How do I change password policy for my domain (have tryed everything) 3
Steam Hacked, Valve Investigating Possible Credit Card Theft 7
Store Admin passwords in SQL Server to be read in VB.NET 2
Security Settings for Password Policy and User properties 6
How to set it so Administrator account can override Group Policy Settings? 1
Security update regarding your Ubisoft account - please create a new password 5

Top