Re: Group password reset

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/01/05

• Next message: Byron Hynes [MS]: "Re: Group password reset"
• Previous message: Steven L Umbach: "Re: Question about download blockers and Parental Controls..."
• In reply to: Byron Hynes [MS]: "Re: Group password reset"
• Next in thread: Byron Hynes [MS]: "Re: Group password reset"
• Reply: Byron Hynes [MS]: "Re: Group password reset"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 1 Oct 2005 13:01:56 -0500

Good ideas but beware that any user accounts that have their account
configured with "password never expires" will not have their password expire
via maximum password age if that is a concern. --- Steve

"Byron Hynes [MS]" <bhynes@online.microsoft.com> wrote in message
news:50cb70802d49b8c7943101e8571a@msnews.microsoft.com...
>A few options come to mind:
>
> 1. Set the domain password policies to expire passwords in 1 week (turn
> this policy off after 6 days). This will catch most people, do the few who
> are out of the office manually.
>
> 2. Create a logon script that checks the last time it was run, if it
> hasn't run before, then use the script to fire off a command like "net
> user BillG * /domain" to change the users password, like this:
>
> C:\Documents and Settings\bph>net user bph *
> Type a password for the user:
> Retype the password to confirm:
> The command completed successfully.
>
> [Note that isn't a domain account]
>
> 3. Create a logon script similar to the above, but use ADSI.
>
>
> Byron Hynes
> Windows Server
> Microsoft Corporation
>
> http://spaces.msn.com/members/byronphynes
>
>> No, it's W2K.
>>
>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> news:P7mdnZ_okPZF9KHeRVn-iw@comcast.com...
>>
>>> Do you have a Windows 2003 domain controller?? --- Steve
>>>
>>> "Jon LaBarge" <jonlabarge@comcast.net> wrote in message
>>> news:eJhYrNUxFHA.628@TK2MSFTNGP10.phx.gbl...
>>>
>>>> Sigh....
>>>>
>>>> Alas, the group select option will not work.
>>>>
>>>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in
>>>> message news:3d6dnUWf9-NcyKHeRVn-uQ@comcast.com...
>>>>
>>>>> If you have a Window 2003 domain controller you can do that with
>>>>> Active Directory Users and Computers. I believe you highlight all
>>>>> the user accounts, select properties, and then select user must
>>>>> change password at next logon. I am going by memory so it may be a
>>>>> little more complicated [not much] than that but that should get
>>>>> you started in the general direction. You can also use the AD
>>>>> command line tools for dsquery for user and dsmod for users of
>>>>> which you can pipe the results from dsquery to dsmod. Use | between
>>>>> two commands with space before and after to pipe. If you have a
>>>>> Windows 2000 domain you still can use the AD command line tools if
>>>>> you install adminpak for Windows 2003 [free download from MS] onto
>>>>> a Windows XP Pro domain computer and logon as a domain
>>>>> administrator or use runas for those tools.
>>>>>
>>>>> You might want to rethink doing all the accounts in one day. Maybe
>>>>> do a fourth or so the first day to see how it goes so as to not
>>>>> flood support with calls. Be sure users are educated as to what the
>>>>> requirements are for new passwords with specific examples. You
>>>>> might be surprised to find out how hard users find this to be. ---
>>>>> Steve
>>>>>
>>>>> http://www.ss64.com/nt/dsmod.html -- dsmod example.
>>>>>
>>>>> "Jon LaBarge" <jonlabarge@comcast.net> wrote in message
>>>>> news:e%23vqG0SxFHA.612@TK2MSFTNGP10.phx.gbl...
>>>>>
>>>>>> Is there a way to force all users in AD to reset their password at
>>>>>> the next logon without having to do each account 1 by 1? We have
>>>>>> implemented PassFilt Pro SPE and I would like for all user to
>>>>>> change their passwords to meet the new complexity requirements on
>>>>>> the go-live day. Any suggestions?
>>>>>>
>>>>>> Thx,
>>>>>>
>>>>>> Jon
>>>>>>
>
>

---

• Next message: Byron Hynes [MS]: "Re: Group password reset"
• Previous message: Steven L Umbach: "Re: Question about download blockers and Parental Controls..."
• In reply to: Byron Hynes [MS]: "Re: Group password reset"
• Next in thread: Byron Hynes [MS]: "Re: Group password reset"
• Reply: Byron Hynes [MS]: "Re: Group password reset"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Cannot open Control panel/IE/network Connections. ... I have seen issues like this when user accounts have a blank space ... the system to query the netlogon share of the authentication domain ... Remove the space from the 'Logon Script' attribute of the user. ... So try disabling the Diskeeper software and restarting the computer. ... (microsoft.public.win2000.general) Re: password ... go to your User Accounts and set the account to not ... let the password expire. ... This posting is provided "AS IS" with no warranties, ... When Windows boots I get the message "Password ... (microsoft.public.windowsxp.general) RE: Printers queues ... If you have a new printer server in Windows 2003 domain, ... logon script defined on the user account. ... As for the old user accounts in NT domain, they will still use the old ... (microsoft.public.windows.server.migration) Re: password ... >Through Control Panel, go to your User Accounts and set ... >let the password expire. ... When Windows boots I get the ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)