Re: First time Defining Password Policy

The password policy will only have affect WHEN the password is changed (or
better explained: when the password is tried to be written in to the
system). Only THEN will the system check if the password meets all
requirements.

However, don't forget about new users! If you create a user and set a pwd,
that pwd must of course meet the requirements (because of are setting the
password)

--
Cheers,
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Alan Byrne" <AlanByrne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E873F68A-9BC3-4828-BFF9-F270DFFB28C6@xxxxxxxxxxxxxxxx
> Thanks Jorge, so just to make sure:
>
> Are you saying I can enable the password policies to whatever I like, but
> these wont take effect until the next time the user changes their
> password??
> ie users wont come in the day after I enable the policies and when logging
> in
> get an error saying their password doesnt meet etc?
>
> Thanks
>
> "Jorge de Almeida Pinto" wrote:
>
>> You can change the password policy to additional complexity without the
>> requirement of changing the password after a certain period.
>> That complexity will only apply at the moment the user changes their
>> password
>>
>> So you could:
>> * First communicate you are configuring this to the users, and guide them
>> with tips and examples. if you don't do that you will find papers all
>> over
>> the place with passwords. Also communicate the password must be changed
>> each
>> time after XX days.
>> * Configure the complexity requirements without a max age
>> * Tell every department to change the pwds accordingly
>> * Communicate again
>> * Configure the max age
>>
>>
>> --
>> Cheers,
>> # Jorge de Almeida Pinto #
>> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> -----------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test before implementing!
>> -----------------------------------------------------------------------------
>>
>>
>> -----------------------------------------------------------------------------
>> "Alan Byrne" <AlanByrne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:C0D8C621-7F44-47F5-A238-907EAEA04840@xxxxxxxxxxxxxxxx
>> > Hi, my company (100+ users) have never had any password policies
>> > defined
>> > so
>> > everyone is either using a 4 letter password or nothing at all. This
>> > has
>> > always been the case. All DCs run Win2003. I plan to define all
>> > password
>> > policies except the complexity requirement policy, dont want to do too
>> > much
>> > all at once.
>> >
>> > I will go around one department per week requesting everyone to change
>> > their
>> > password so user passwords meet the password requirement before I
>> > actually
>> > switch on the password polcies. I hope this will ease user problems
>> > when
>> > policies take effect.
>> >
>> > Can anyone advise me if this is a good idea or give any advice on this
>> > doing
>> > this and if their is anything else I can do before and after enabling
>> > these
>> > policies? Basically I'm looking as much information regarding this as
>> > possible, I've trawled the internet but can only find info on how to do
>> > it,
>> > not what you can expect once its done, or help on planning to roolout
>> > these
>> > polcies. Thks as always.
>>
>>
>>


.

Relevant Pages

  • Re: First time Defining Password Policy
    ... You can change the password policy to additional complexity without the ... Also communicate the password must be changed each ... my company have never had any password policies defined ...
    (microsoft.public.windows.server.active_directory)
  • Password complexity policy not being enforced
    ... I've set up the password policy (under ... Computer Configuration\Windows Settings\Security Settings\Account Policies). ... Complexity Requirements are enforced ... Account is locked after 6 attempts ...
    (microsoft.public.win2000.group_policy)
  • Active Directory - Password Policy Requirements- Failing
    ... Windows 2003 Enterprise Server ... and could not recover from it. ... Password must meet complexity requirements ... The password does not meet the password policy requirements. ...
    (microsoft.public.windows.server.general)
  • Re: password policy by organizational unit
    ... and created accounts and set thepolicyin the OU to 10 characters. ... If you need to define two different policies to ... users have the strict policy of minimum length and change every 40 ... I can't speak for the other products, but with Password Policy ...
    (microsoft.public.windows.group_policy)
  • Re: Where to set the domain password policy up?
    ... Account Policies applied to Domain Controllers apply to all accounts stored on domain controllers - that is, to all domain accounts in that domain! ... I'd say apply at the domain level still - to have consistent policy for domain accounts in the domain as well as for local accounts on all computers in that domain. ... > Is it better to set a domain password policy up at the domain node level ...
    (microsoft.public.windows.server.active_directory)
Loading