Re: Maximum password age
From: Dave Munday (thehappymundays_at_hotmail.com)
Date: 10/04/04
- Next message: Tobias Sandberg: "Custom user interface"
- Previous message: Gautam Anand: "Re: Maximum password age"
- In reply to: Gautam Anand: "Re: Maximum password age"
- Next in thread: Phillip Windell: "Re: Maximum password age"
- Reply: Phillip Windell: "Re: Maximum password age"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 4 Oct 2004 15:50:49 +0200
Gautam
many thanks for your reply, I do not want to change the users password as we
are a school and it is quite hard work somedays to get the students to log
on at all :)
I have in Domain Default Policy set the maximum password age to 'not
defined'
I have run gpupdate /force and a 1704 has been recorded in the
ApplicationLog
I have just rebooted one of my clients, tried to logon and am still prompted
to change my password
Thanks again anybody for any support
Dave
"Gautam Anand" <gautam@hotpop.com> wrote in message
news:eADi2ugqEHA.2612@TK2MSFTNGP15.phx.gbl...
> 0. I would consider it as a bad move to not have my 900 users change
> their passwords every 30 days or so. You obviously have a decent sized
> domain which incr the chances of a users account being compromised.
> Bad Idea!!
>
> However if you still have a reasonable business need to do the same,
>
> 1. At what level did you check for the Account Policies ie using RSOP
> or At a client level?
> 2. The Account policies take effect when put at the domain level. That
> is where they exist by default.
> 3. So open the Default Domain Policy from AD Users and Computers,
> modify the settings under Account Policies.
> 4. Then on the Domain Controllers refresh the policy so it takes
> effect. You can update
> Windows 2000 by this command : secedit /refreshpolicy machine_policy
> /enforce
> Windows 2003: gpupdate /force (same command for XP pro machines too)
> 5. Look for a corresponding Event id 1704 in the Application Event
> Logs which confirms Group Policies have been applied successfully.
>
> But again, re-consider putting this option at NOT CONFIGURED unless
> you already have another more restrivtive policy in place and Im just
> babbling away like crazy.
>
> Good luck
>
> --
> Gautam Anand
> e: gautam at hotpop dot com
> ---------------------------------
> "Dave Munday" <thehappymundays@hotmail.com> wrote in message
> news:%23ZMLULgqEHA.3728@TK2MSFTNGP09.phx.gbl...
> | When I originally set securitry settings I didn't change the maximum
> | password age so the default setting of 42 days was applied.
> |
> | I have now reset the setting to 'not defined', however my users -
> all 900 -
> | are now being prompted at the 42 day stage.
> |
> | Is it too late? Once set the initial password expiry at 42 days
> will it
> | have to be changed despite the new 'not defined' setting
> |
> | Thanks
> |
> | Dave
> |
> |
>
>
- Next message: Tobias Sandberg: "Custom user interface"
- Previous message: Gautam Anand: "Re: Maximum password age"
- In reply to: Gautam Anand: "Re: Maximum password age"
- Next in thread: Phillip Windell: "Re: Maximum password age"
- Reply: Phillip Windell: "Re: Maximum password age"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
