Re: Account Lockout Policies

Roger Abell [MVP] wrote:

[snip]

Perhaps your more direct option would be to adjust the days of nonuse
and password change intervals so they are the same, and then nightly
read accounts with expired passwords and verify they are disabled.

Roger,

Slight flaw there. Imagine a user who last used the system just before the password change reminder. Let's assume 14 days. Now, that user will have an expired password in 14 days, not 30 days. Now remember that most users (IMO) won't change their password until they absolutely positively have to....

Bogwitch.
.

Relevant Pages

  • Re: Account Lockout Policies
    ... and password change intervals so they are the same, ... read accounts with expired passwords and verify they are disabled. ... of first expiry of the pwd, disabling only upon an ...
    (microsoft.public.security)
  • Re: Mass change passwords on service and scheduled tasks
    ... Policy #2: We will force a password change of maintanence accounts that do ... Then SOX auditors would expect you to follow these policies. ...
    (microsoft.public.win2000.networking)
  • RE: user accounts expire
    ... Although password change frequency is a domain wide setting, ... the actual change is dependent on the users' accounts themselves, ... Do you have contractors or vendors assigned accounts configured this ...
    (microsoft.public.win2000.active_directory)
  • Re: local passwords mysteriously changed on several networked comp
    ... > machines it appears that there has not been a password change near ... resource kit that can remotely mass-modify user accounts. ...
    (microsoft.public.win2000.networking)
  • Re: lock user account on aix 4.3.3
    ... >>Anybody knows how to let ssh know about password change? ... see the AIX section in README.platform. ... Most user accounts can't therefore use ...
    (comp.unix.aix)