Domain Password Policy

  • Thread starter Thread starter PJB
  • Start date Start date
P

PJB

I want to change our domain password policy. Only problem is I've hear
that if I change the policy to require complex passwords and I chang
the minimum password length that users will not be able to acces
resources until they change their password and they will get locked ou
until their password is changed.

Is this information true?

If it is true how in the world am I supposed to change the securit
policy without creating major problems


-
PJ
 
The change will take effect when the existing password expires.

Example:

No password policy in effect.
You put a policy in effect that requires complex passwords, minimum password
length, and change passwords every 60 days.

User 1 logs in with a password they have been using for 30 days. That
password will be good for another 30 days then they will be required to
change their password and it must meet your requirements.

User 2 logs in with a password they have been using for 90 days. They are
immediately prompted that their password is expired and they must change it
to meet your requirements.

hth
DDS W 2k MVP MCSE
 
The policy change will apply to only new passwords either for a new account or a
change/reset. Also keep in mind that user accounts that are flagged with password
never expires will be immune from any maximum password age settings. Another problem
is that if you do set a maximum password age, that affected accounts that have a
passwords older than the new policy will immediately expire. --- Steve
 
Danny Sanders said:
The change will take effect when the existing password expires.

Example:

No password policy in effect.
You put a policy in effect that requires complex passwords, minimum
password length, and change passwords every 60 days.

User 1 logs in with a password they have been using for 30 days. That
password will be good for another 30 days then they will be required
to change their password and it must meet your requirements.

User 2 logs in with a password they have been using for 90 days. They
are immediately prompted that their password is expired and they must
change it to meet your requirements.
Click to expand...

The only exception to this is if you are using Metaframe and the clients
connect via NFuse. In this case they will not even be able to login to
change their password. A domain admin (or delegated user) will need to
reset their password for them (just make sure you tick the box that says
User Must Reset Password At Next Logon.)

Regards
Andy.
 
Back
Top