Implementing domain password security

  • Thread starter Thread starter cmorrisette
  • Start date Start date
C

cmorrisette

I am about to implement password security on an established domain. I
don't have a lab to test in, so I want to make sure I understand how
the policy is going to affect users. The only area I really have a
question on is the maximum password age policy. I haven't been able to
find any official documentation that describes what will happen when
this policy is put in place. Some forums say that it will simply start
the clock ticking and expire the accounts x days when the policy is set
for. Other forums say that if the accounts have passwords that are
older than what the policy calls for the accounts will be immediately
expired, and the users will be forced to change them on the next login.
Can someone out there reassure me what really happens, and if possible
point me in the direction of where this might be officially documented?
Thanks in advance.
 
Howdy!

the clock ticking and expire the accounts x days when the policy is set
for. Other forums say that if the accounts have passwords that are
older than what the policy calls for the accounts will be immediately
expired, and the users will be forced to change them on the next login.
Can someone out there reassure me what really happens, and if possible
point me in the direction of where this might be officially documented?
Click to expand...

Short answer for your question :-) - there's a KB article on this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;236373

cheers,

Florian
 
Hi,

Password expirations are a calculated value based upon the maxPwdAge
attribute of the Domain and the pwdLastSet value of the user in
question.
If the Pwdlastset + maxpwdage >= current time/date the password is
expired and the user will be required to change their password.

The expiration is based off the time the passwords were set, not off
the time
the policy was set.

I hope this helps

Harj Singh
Password Policy done right
www.specopssoft.com
 
Thanks for the quick responses. Florian really helped by finding the kb
article. I don't know why it did not show up in my searches, as I had
almost that exact title as my search.

Thanks Again.
 
Howdy!

Thanks for the quick responses. Florian really helped by finding the kb
article. I don't know why it did not show up in my searches, as I had
almost that exact title as my search.
Click to expand...

A tip/trick the next time: I searched in google for "Maximum password
age site:support.microsoft.com" - this just displays all results coming
from support.microsoft.com - you could also try "site:microsoft.com" or
"site:technet.microsoft.com" ...

cheers,

Florian
 
Back
Top