Re: Maximum password age
From: Phillip Windell (_at_.)
Date: 10/04/04
- Next message: t: "Windows cannot obtain the domain controller name"
- Previous message: uts.kit.serverdrift_at_news.postalias: "Re: Incremental update when deploying updated Office XP SP3?"
- In reply to: Dave Munday: "Re: Maximum password age"
- Next in thread: Gautam Anand: "Re: Maximum password age"
- Reply: Gautam Anand: "Re: Maximum password age"
- Reply: Dave Munday: "Re: Maximum password age"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 4 Oct 2004 09:43:25 -0500
Not sure, but I don't think you can "un-expire" a password once it has
expired. You new policy would take effect with the new password.
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com "Dave Munday" <thehappymundays@hotmail.com> wrote in message news:evgIGlhqEHA.3848@TK2MSFTNGP14.phx.gbl... > Gautam > > many thanks for your reply, I do not want to change the users password as we > are a school and it is quite hard work somedays to get the students to log > on at all :) > > I have in Domain Default Policy set the maximum password age to 'not > defined' > > I have run gpupdate /force and a 1704 has been recorded in the > ApplicationLog > > I have just rebooted one of my clients, tried to logon and am still prompted > to change my password > > > Thanks again anybody for any support > > Dave > > > "Gautam Anand" <gautam@hotpop.com> wrote in message > news:eADi2ugqEHA.2612@TK2MSFTNGP15.phx.gbl... > > 0. I would consider it as a bad move to not have my 900 users change > > their passwords every 30 days or so. You obviously have a decent sized > > domain which incr the chances of a users account being compromised. > > Bad Idea!! > > > > However if you still have a reasonable business need to do the same, > > > > 1. At what level did you check for the Account Policies ie using RSOP > > or At a client level? > > 2. The Account policies take effect when put at the domain level. That > > is where they exist by default. > > 3. So open the Default Domain Policy from AD Users and Computers, > > modify the settings under Account Policies. > > 4. Then on the Domain Controllers refresh the policy so it takes > > effect. You can update > > Windows 2000 by this command : secedit /refreshpolicy machine_policy > > /enforce > > Windows 2003: gpupdate /force (same command for XP pro machines too) > > 5. Look for a corresponding Event id 1704 in the Application Event > > Logs which confirms Group Policies have been applied successfully. > > > > But again, re-consider putting this option at NOT CONFIGURED unless > > you already have another more restrivtive policy in place and Im just > > babbling away like crazy. > > > > Good luck > > > > -- > > Gautam Anand > > e: gautam at hotpop dot com > > --------------------------------- > > "Dave Munday" <thehappymundays@hotmail.com> wrote in message > > news:%23ZMLULgqEHA.3728@TK2MSFTNGP09.phx.gbl... > > | When I originally set securitry settings I didn't change the maximum > > | password age so the default setting of 42 days was applied. > > | > > | I have now reset the setting to 'not defined', however my users - > > all 900 - > > | are now being prompted at the 42 day stage. > > | > > | Is it too late? Once set the initial password expiry at 42 days > > will it > > | have to be changed despite the new 'not defined' setting > > | > > | Thanks > > | > > | Dave > > | > > | > > > > > >
- Next message: t: "Windows cannot obtain the domain controller name"
- Previous message: uts.kit.serverdrift_at_news.postalias: "Re: Incremental update when deploying updated Office XP SP3?"
- In reply to: Dave Munday: "Re: Maximum password age"
- Next in thread: Gautam Anand: "Re: Maximum password age"
- Reply: Gautam Anand: "Re: Maximum password age"
- Reply: Dave Munday: "Re: Maximum password age"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
