Password policy

[Richard]

We will soon be implementing password policies in our organization.
Password must meet complexity requirements will be enabled. Since this is
the first time ever, will users have to change or be prompted to change
their password once the policy is in place? Or will they be prompted before
their existing password expires. The password age is set at 6 months. Any
comments will be greatly appreciated. Thanks.

 

[Laura E. Hunter \(MVP\)]

Any changes to password complexity requirements will take effect at the next
password change. If your existing passwords are already older than 6
months, they will be prompted to change at the user's next logon by default.

If your clients can all support it, you should disable the LM hash at the
same time that you change your password requirements, since disabling the
hash requires a password change to take effect and is a good security
measure to follow. Mark Minasi's newsletter archive (free registration
required) has a great explanation of how to do this:

http://www.minasi.com/showdoc.asp?docname=nws0304.htm