Re: AD 2000, Blank passwords, and Group Policy

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/16/04


Date: Wed, 15 Sep 2004 23:39:42 GMT

I just created a user with a blank password on my test W2K DC, and after I created the
user I was able to go back and select "must change password at next logon" without a
problem. Make sure that "user can not change password" is not enabled for the user
you are having a problem with. While not an elegant solution, you could set the
maximum password age to a short duration such as ten days [temporarily of course, maybe
one week], which would require users to change their passwords if they are older than the
maximum [most probably are very old if using blank] and they do not have password never
expires set in their account properties. That would cause some grief with users, but
you've got to do what you've got to do. Just be sure to inform users of any new password rules
with examples of what will and will not work. VPN logons are not always logons to the
domain. It may help if you have the users specify the domain name when they log on,
which requires that the VPN connectoid properties be changed to show the three
lines - logon name, password, domain. Shortening the maximum password age would force
users to change their passwords to gain access to domain resources. Just be sure the
minimum password age is not more than the maximum password age. I would strongly
encourage users to change their password voluntarily before you force a change, and
you could enforce minimum password length and complexity before you enforce maximum
password age. --- Steve

"JASlaughter" <JASlaughter@discussions.microsoft.com> wrote in message
news:FEB81AD8-CE49-4AF3-B03F-A3993BE8983A@microsoft.com...
> Hello,
>
> I have a situation that I cannot seem to solve. I've looked on the web and
> even went through my old 2000 MCSE study books.
>
> Here is my situation:
>
> Issue #1
> ======
> I need to force users to change their password upon next logon -without-
> changing their currently _blank_ password. AD U/C won't let me set that
> option on a user with a blank password.
>
> If I absolutely have to create a password for these users to accomplish
> this, is there a way to create a password for all users with a currently
> blank one? (It could be the same for all users).
>
> Issue #2
> ======
> I'm connecting remotely via Kerio's VPN service (just FYI). When connecting
> to a resource with a user that -does- have the force password change checked,
> I'm not prompted to change my password. I seem to be able to connect using
> my old password.
>
> Can someone out there point me in the right direction?
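
To see which accounts a temporarily shortened maximum password age would actually catch, here is an added example (not part of the original posts) that classifies accounts from exported `userAccountControl` and `pwdLastSet` values. The account names, dates and the `classify`/`audit` helpers are constructed for illustration; the flag values are the documented Active Directory ones.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (documented Active Directory flag values)
UF_ACCOUNTDISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020       # account is allowed to have a blank password
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000  # "Password never expires"

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """pwdLastSet counts 100 ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def check_policy(min_age_days, max_age_days):
    """Minimum age must not exceed maximum age (max 0 = passwords never expire)."""
    return max_age_days == 0 or min_age_days <= max_age_days

def classify(acct, max_age_days, now):
    uac, pls = acct["userAccountControl"], acct["pwdLastSet"]
    if uac & UF_ACCOUNTDISABLE:
        return "disabled"
    if pls == 0:                      # "must change password at next logon"
        return "must-change-at-next-logon"
    if uac & UF_DONT_EXPIRE_PASSWD:   # a shorter maximum age never reaches these
        return "exempt-never-expires"
    if max_age_days and now - filetime_to_dt(pls) > timedelta(days=max_age_days):
        return "expired-forced-change"
    return "within-max-age"

def audit(accounts, max_age_days, now):
    """Map account name -> (status, blank password permitted by flag)."""
    return {a["sAMAccountName"]: (classify(a, max_age_days, now),
                                  bool(a["userAccountControl"] & UF_PASSWD_NOTREQD))
            for a in accounts}

# Constructed sample data, as it might be exported from the directory.
NOW = datetime(2004, 9, 16, tzinfo=timezone.utc)
old, recent = (dt_to_filetime(NOW - timedelta(days=d)) for d in (400, 3))
ACCOUNTS = [
    {"sAMAccountName": "alice", "userAccountControl": UF_NORMAL_ACCOUNT, "pwdLastSet": old},
    {"sAMAccountName": "bob", "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD, "pwdLastSet": old},
    {"sAMAccountName": "carol", "userAccountControl": UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD, "pwdLastSet": 0},
    {"sAMAccountName": "dave", "userAccountControl": UF_NORMAL_ACCOUNT, "pwdLastSet": recent},
]

if __name__ == "__main__":
    for name, (status, blank_ok) in audit(ACCOUNTS, 10, NOW).items():
        print(f"{name:6} {status:28} blank-allowed={blank_ok}")
```

Accounts reported as `exempt-never-expires` need that flag cleared, or a manual "must change password at next logon", before the shortened maximum age has any effect on them.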


