Password Change

  • Thread starter Thread starter dino.kyprianou
  • Start date Start date
D

dino.kyprianou

We are operating Windows 2003 Server with XP Clients. We have set a
group policy that states clients should:-

Password History = 12 remembered
Max Age = 90 days
Min Age = 30 days
Min Length = 6 characters
Complexity Requirements = enabled

However none of clients are able to change their passwords when they
need to. On the day of expiry they can change it then but not before.

Has anyone got a solution for this or any suggestions?
 
Try running the command net user username for one of the users to see what
is shows for "password changeable" date to see if it is what you expect. I
would also enable auditing of account management in Domain Controller
Security Policy and then look in the security logs to see if there is a
failure recorded for password change for a user and the reason why. You
might want to reduce your minimum password age to a few days as in my
opinion thirty days is way to long. A user should be able to change their
password if they feel the need to. Setting it at a couple days will usually
dissuade most users from cycling through passwords. --- Steve
 
Back
Top