Re: Maximum password age - Need Proof

As Joe already said (twice), you can set password policy only on domain
level (for domain accounts), not OUs.
Anyway I'm taking this chance guys to ask if someone knows if you can change
the value of PasswordLastChanged so that your password will expire quicker.
Any idea?

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au


"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:uILY0WtVHHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Once again, you cannot set a one day expiration for individual accounts or
OUs for domain IDs. The domain account policy is domain wide.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Paul Labuda wrote:
Franky,

I would like to suggest a potentially job-saving step to add to the
suggestions already made. It makes a whole lot of sense to me to speak
with your CIO about any such shortening of his password expiry *before*
you do it to him. Another, probably safer, tactic would be to create a
test user in a test OU, and apply a one-day password expiry GPO on that
OU to show the CIO that password expiration GPOs work as promised.

Thank you,

--

Paul Labuda
Senior Support Engineer
Visual Click Software, Inc.
http://www.visualclick.com/?source=20070222PasswordExpiration


"Franky M." <FrankyM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:18C0A950-BADA-4628-8582-D5EA8A615614@xxxxxxxxxxxxxxxx
I have the Maximum password age set to 90 days and I'm sure it's working
fine
YET the CIO wants to see proof that it's working.
He wants something like an entry in Event Viewer showing the forcing of
a
password due to the policy.

What can I do?


.

Relevant Pages

  • Re: GPOs not being applied
    ... The user policy was applied to ... >>2) create a new user named Joe in the OU ... >>3) create a new GPO and link it to the new OU ... >>> problem server, and all tests passed. ...
    (microsoft.public.win2000.group_policy)
  • Re: PasswordFilter and ASP.NET
    ... looking at the set policy. ... Joe Richards Microsoft MVP Windows Server Directory Services ... >>Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.platformsdk.security)
  • Re: OBusted
    ... scout-leader being presented as a topic for discussion. ... Except it is *NOT* the policy of the BSA. ... Joe - Linux User #449481/Ubuntu User #19733 ... joe at hits - buffalo dot com ...
    (alt.smokers.cigars)
  • Re: cannot permantly delete spam message
    ... > Joe wrote: ... >> until the maintenance schedule goes into effect for that recipent policy. ... Junk Mail forder is not listed on the regular choice ... >>>can create et setup to cleanup. ...
    (microsoft.public.windows.server.sbs)
  • Re: Applying Group Policies
    ... Lets call them Laptop. ... I want to turn off that group policy. ... I would setup local and Domain accounts. ... Visit Topic URL to contact author (reg. ...
    (microsoft.public.win2000.group_policy)