Re: password age

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/09/04 

Date: Thu, 08 Jan 2004 23:35:05 GMT

Correct. Users with passwords older than 90 days in your case will be told that they
must change their passwords to be allowed to logon. It probably would not be much of
a problem, but my guess is you enabled other password policy such as password length
and complexity that may be causing users some angst as they find themselves unable to
find a suitable new password without some coaching. --- Steve

"Derek Marshall" <derekm@tomsofmaine.com-no spam> wrote in message
news:eLyjN8i1DHA.2604@TK2MSFTNGP09.phx.gbl...
> So am I correct to assume that the password age setting looks at the age of
> the password when it was originally set and does not begin counting when the
> policy is applied?
> D.
>
> "Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
> news:5NjLb.22795$P%1.21721312@newssvr28.news.prodigy.com...
> > If you have users who you don't want to have their password expire, then
> > configure their accounts in Active Directory to have their password not
> > expire which will exempt them from password age policy. If you are
> concerned
> > about user confusion, then send everyone an email or other communication
> > explaining the change to them ahead of time giving them time to change
> their
> > passwords to new policy guidlines at their leisure. A ten day advance
> notice
> > with maybe a final notice two days before the change deadline should be
> > sufficient. --- Steve
> >
> >
> > "Derek Marshall" <derekm@tomsofmaine.com-no spam> wrote in message
> > news:u8A0wti1DHA.1356@TK2MSFTNGP10.phx.gbl...
> > > We migrated from an NT 4.0 domain about 18 months ago and are just now
> > > implementing password policies. The problem is when we set the password
> > age
> > > to 90 days everyone is affected since most passwords are older than 90
> > days.
> > >
> > > Is there an easy way around this?
> > >
> > > D.
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: Bypassing Windows 2000 Domain Password settings
    ... My original issue was not just with minimum password age, ... There are 6 settings under Computer ... Controller policy was affecting my end result. ... If you tell it to block inheritance, ...
    (Focus-Microsoft)
  • Re: instituting ad password policy
    ... The basic thing I would recommend is take care of your users. ... I would wait a few days and then query AD for a password age report. ... policy then you should start enforcing it on your domain. ... You can use Richard's script to remove the "password never expires" flag ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Policy in GPO dont work
    ... of the policy by hitting CTRL ALT DEL and clicking Change ... >the Password policy in GPO to give users couple of weeks ... >> The minimum password age is a setting to prevent users ... Also be sure to notify users ...
    (microsoft.public.win2000.group_policy)
  • Re: Can the password be changed before exceeding the age
    ... If you want to do this, you will have to change this part of the policy ... My recommendation would also be to have passwords longer then 3 characters. ... > Min. password age - 30 days ... > it is not accepting to do. ...
    (microsoft.public.windows.server.security)
  • Re: password age
    ... > If you have users who you don't want to have their password expire, ... > expire which will exempt them from password age policy. ... > explaining the change to them ahead of time giving them time to change ...
    (microsoft.public.win2000.security)