Re: Password Policy


From: Jerold Schulman (Jerry_at_jsiinc.com)
Date: 01/18/05


Date: Tue, 18 Jan 2005 13:13:12 -0500

On Tue, 18 Jan 2005 09:14:40 +0100, "Morten H Andersen" <na@na.na> wrote:

>Hi :-)
>
>Is it possible to set the password policy attributes in the registration
>database or with a commandline?
>
>regards
>
>- Morten H Andersen -
>

net accounts /?

From Help:

Net accounts Updates the user accounts database and modifies password and logon requirements for all accounts.

Syntax
net accounts [/forcelogoff:{Minutes | no}] [/minpwlen:Length] [/maxpwage:{Days | unlimited}] [/minpwage:Days] [/uniquepw:Number] [/domain]

Parameters
/forcelogoff:{Minutes | no}
Sets the number of minutes to wait before ending a user's session with a server when the user account or valid logon time expires. The default value, no, prevents users from being forced to log off.
/minpwlen:Length
Sets the minimum number of characters for a user account password. The range is from 0 through 127 characters and the default is six characters.
/maxpwage:{Days | unlimited}
Sets the maximum number of days that a user account's password is valid. The unlimited value sets no maximum time. The /maxpwage command-line option must be greater than /minpwage. The range is from 1 through 49,710 days (that is, unlimited equals 49,710 days), and the default value is 90 days.
/minpwage:Days
Sets the minimum number of days before a user can change a new password. The default value is zero days, which sets no minimum time. The range is from 0 through 49,710 days.
/uniquepw:Number
Requires a user to not repeat the same password for the specified Number of password changes. The range is from 0 through 24 password changes, and the default is five password changes.
/domain
Performs the operation on the primary domain controller of the current domain. Otherwise, the operation is performed on the local computer.
net help Command
Displays help for the specified net command.
Remarks
The Net Logon service must be running on the computer where you want to change account parameters. Used without parameters, net accounts displays the current settings for password, logon limitations, and domain information.
You must do the following before you can use net accounts:
Create user accounts. Use User Manager or net user to set up user accounts.
Run the Net Logon service on all servers that verify logon in the domain. Net Logon starts automatically at startup.
When you use /forcelogoff:Minutes, a warning is sent minutes before users are forced to log off from the network. Users are also notified if any files are open. If Minutes is less than two, users are warned to log off from the network immediately.
Examples
To display the current settings, the password requirements, and the server role for a server, type:

net accounts

To set a minimum of seven characters for user account passwords, type:

net accounts /minpwlen:7

To specify that users can reuse a password only after the fifth time they change passwords, type:

net accounts /uniquepw:5

To prevent users from changing passwords more often than every seven days, force users to change passwords every 30 days, and force users to log off after the logon time expires with a five-minute warning, type:

net accounts /minpwage:7 /maxpwage:30 /forcelogoff:5

To ensure that the preceding settings take effect for the domain that the computer is logged on to, type:

net accounts /minpwage:7 /maxpwage:30 /domain

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
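
Added example, not part of the original post: a PowerShell script that audits the settings `net accounts` displays against a baseline and prints the `net accounts` command that would close any gap, without running it. The baseline reuses the values from the help examples above; the sample output is constructed, its English labels are an assumption about the local system, and `-Live` is a switch of this script only.

```powershell
# Added example: compare `net accounts` output with a baseline, print the fix command.
param([switch]$Live)   # -Live runs `net accounts`; default uses the constructed sample below

# Baseline = the values used in the help examples (illustrative, not a recommendation).
$Checks = @(
    @{ Label = 'Minimum password length';               Option = '/minpwlen'; Op = 'ge'; Target = 7  }
    @{ Label = 'Length of password history maintained'; Option = '/uniquepw'; Op = 'ge'; Target = 5  }
    @{ Label = 'Minimum password age (days)';           Option = '/minpwage'; Op = 'ge'; Target = 7  }
    @{ Label = 'Maximum password age (days)';           Option = '/maxpwage'; Op = 'le'; Target = 30 }
)

# Constructed sample of English-locale output (labels are localized on other systems).
$Sample = @'
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              7
Length of password history maintained:                None
Computer role:                                        WORKSTATION
The command completed successfully.
'@ -split '\r?\n'

function ConvertTo-PolicyNumber([string]$Value) {
    # "None"/"Never" mean 0; "Unlimited" equals 49,710 days per the help text.
    switch -Regex ($Value) {
        '^(None|Never)$' { return 0 }
        '^Unlimited$'    { return 49710 }
        '^\d+$'          { return [int]$Value }
    }
    return $null   # missing or unrecognised value is treated as non-compliant
}

# Parse "Label:   value" lines into a lookup table; other lines are ignored.
$lines  = if ($Live) { net accounts } else { $Sample }
$policy = @{}
foreach ($line in $lines) {
    if ($line -match '^(?<name>.+?):\s+(?<value>\S.*)$') { $policy[$Matches.name] = $Matches.value.Trim() }
}

$fix = @()
$report = foreach ($c in $Checks) {
    $n  = ConvertTo-PolicyNumber $policy[$c.Label]
    $ok = ($null -ne $n) -and $(if ($c.Op -eq 'ge') { $n -ge $c.Target } else { $n -le $c.Target })
    if (-not $ok) { $fix += "$($c.Option):$($c.Target)" }
    [pscustomobject]@{ Setting = $c.Label; Current = $policy[$c.Label]; Required = "-$($c.Op) $($c.Target)"; Compliant = $ok }
}
$report | Format-Table -AutoSize
if ($fix) { "Remediation (review, then run elevated): net accounts $($fix -join ' ')" }
```

Keep the baseline's /maxpwage target greater than its /minpwage target, as the help text requires, and add /domain to the printed command when the change is meant for the domain rather than the local computer.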


