Account policy (password)

[Guest]

When applying an account policy domain wide for minimum password length or
complexity, would it affect users next time they log in, or only next time
they change their password?

Example: User1 has a 3 character password, I enforce policy minimum length 6
characters. What happens when they try to login tomorrow?

Sorry if this seems obvious but I'm trying to avoid undesirable affects..

 

[Steven L Umbach]

ALWAYS best to ask. The change will not occur until the user needs to change
his password. However if you are implementing maximum password age at the
same time in your new configuration you may find that many users will have
their passwords expire right away. Either way be sure to educate your users
on new requirement with specific examples of what will or will not work or
you will have a major support headache. --- Steve

 

[Guest]

Thanks, that's what I thought. On the password age setting am I correct in
thinking that once that is applied, a password will expire immediately if it
has not been changed in X days, where X is the period set in the policy
(regardless of the "password never expires" setting that was previously
checked, but now unchecked)?

 

[Steven L Umbach]

Yes the password will expire immediately. That does not mean that a user
that is already logged on will be logged off but he could have trouble
accessing domain resources. There is a neat free tool called Dumpsec from
SomarSoft and I believe you can dump user accounts to a table and among many
other things see things like password age. --- Steve

http://www.somarsoft.com/ --- Dumpsec