Re: Password expires for no apparent reason

Hi,

Nice to hear from you Mr. Brian Delaney long time no chat. Hope MS is
treating you well.

Steve, this is from your output and you state you have no lockout
policy..


Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30

You say that the admins have to reset the password, but is that because
it is expired or because it is locked out? When your password expires
end users are required to reset their password to meet the requirements
within your Default Domain Policy.
You have to reset a password as an admin if the password is forgotten,
lost, account is locked out.
When an admin reset's the password, do they also have to unlock the
account?

Good luck

Harj Singh
Password Policy done right
www.specopssoft.com


stever wrote:
Yes, we understand about the 120 days, but we've got passwords apparently
expiring after 30, 45, 57 days.

But, now that I think about it, there's a min and max password age. Does
that mean a password can expire at any time within that range? I.e. should
min & max be the same (120 days) for a password to expire at 120 days?

"Brian Delaney [MSFT]" wrote:

Hi Steve,

Based on the net accounts output you posted from a DC it appears that there
is a password policy in place which will cause the passwords to expire:
Maximum password age (days): 120

Check the Group Policies, particularly the Default Domain Policy, that you
have linked at the Domain Level in Active Directory.
Max Password Age is set under:
Computer Configuration\Windows Settings\Account Policies\Password
Policy\Maximum password age

If you wish for passwords to never expire this will need to be configured
as 0.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Password expires for no apparent reason
thread-index: AcbAipJe2cjPQQrhTUWC5pqvsGuYhA==
X-WBNR-Posting-Host: 192.188.254.2
From: =?Utf-8?B?c3RldmVy?= <stever@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1D79CFC1-2284-4C48-8D10-4F70BF2F793D@xxxxxxxxxxxxx>
<wF4b3oivGHA.1992@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Password expires for no apparent reason
Date: Tue, 15 Aug 2006 09:48:02 -0700

1) There is no error. User goes to Sharepoint site and gets login pop-up.

Enters domain/username & password and control goes right back to login
pop-up. No error text.

2) Not likely they're forgetting. This happens to people who have been on
the portal. I cannot login when I try either.

3) Will have to try logging in directly.

4)
Force user logoff how long after time expires?: Never
Minimum password age (days): 1
Maximum password age (days): 120
Minimum password length: 6
Length of password history maintained: 10
Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: PRIMARY


Thanks Brian, let me know if you need anything else...

"Brian Delaney [MSFT]" wrote:

Hi Steve,

I just have a few questions I would like you to answer to gain a better
understanding of the issue.

What is the verbatim error that the users experience when you know the
users password needs to be reset?
How many users are experiencing this problem? Is it possible that they
have just forgotten their password?

If you try to log on to a Windows 2000 or XP desktop that is joined to
the
domain with one of these problem accounts what is the error that you
receive?

Please run "net accounts" from the command line on a domain controller
and
post the results so we can verify the domain password policy.


Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
Thread-Topic: Password expires for no apparent reason
thread-index: Aca9a+qOjnOssMHcTgi9D9mgAfOEyw==
X-WBNR-Posting-Host: 192.188.254.2
From: =?Utf-8?B?c3RldmVy?= <stever@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Password expires for no apparent reason
Date: Fri, 11 Aug 2006 10:31:02 -0700

Our users login to our sharepoint portal and AD does the username and
password check.

We having the occurance that passwords have to be reset for a random
group
of users every few weeks.

However, there's no password expiration set, there no account lockout
if
too
many failed tries, no inactivity lockout, etc.

Any ideas? Thanks







.

Relevant Pages

  • Re: Force password reset for administrator
    ... When I logon to an account where the password has ... Except if the account is set so that "Password never expires", ... Microsoft MVP Scripting and ADSI ... expired, your code would configure so passwords no longer expire. ...
    (microsoft.public.scripting.vbscript)
  • Re: /etc/default/passwd and SSH
    ... SYNOPSIS: Description of "Password Aging" ... The warn field is the number of days of warning the user gets on login ... the expire field perform very distinct functions that are in no way related. ... The account should be disabled after a week so that it can not ...
    (Focus-SUN)
  • Re: expired passwords
    ... To expire a password for a user and then try to log back in for that ... You must change your password now and login again! ... If password aging has been enabled for your account, ... you don't actually know if you typed an incorrect username or an incorrect password. ...
    (Fedora)
  • Re: Security Alert: Windows 2000 Expired Password Vulnerability
    ... I have never seen a password expire for a windows user account where there ... You might check your policy again. ... I am not familiar with Norton vpn client but with the built in W2K/XP Pro ...
    (microsoft.public.win2000.security)
  • Re: PwdLastSet
    ... AD Password expiration is handled in a very simple way and done when a user attempts to log on (or their account is otherwise trying to auth). ... Now I simply compare pwdLastSet against that value and anything less than it is expired. ... Directory: Windows Server 2003 ...
    (microsoft.public.win2000.active_directory)
Quantcast