Re: Remote Laptop Users & Password expiration

Another way to solve this if you still want to enforce the password policy
is to build an email-based notification system. This is what we do
internally and it works well with over 100K users not joined to the domain
and often working in remote networks.

There are some details of how to calculate this in ch 10 of our book that
could be used as the core of a function to build such a thing if a .NET
implementation was interesting. Ch 10 is available as a free download from
the site in my sig.

www.joeware.net has some tools that make this easier to do from script as
well.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Wrighty" <Wrighty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2E5D6155-5687-437B-B1CB-8C75B6396F7F@xxxxxxxxxxxxxxxx
Yes there is a Group Policy that forces passwords to expire after 42 days,
but any user accounts with "Password Never Expires" ticked will be
ignored.
That is the purpose of this setting, you could always change the Default
Domain Policy itself, so that the "Maximum Password Age" value is zero
instead of 42. It depends on how secure your needs are, but that would
effectively prevent all user accounts from expiring.

Hope it helps

"Seth" wrote:

But there will be a group policy for security that forces passwords to
expire in 42 days?
If i tick "password never expires" for a user, i think group policy will
overwrite that setting?

"Wrighty" <Wrighty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8FD9F045-A2A5-4DC2-B883-2E879D925B40@xxxxxxxxxxxxxxxx
If your laptops are joined to a domain you will need to run Active
Directory
Users and Computers, navigate to the user who's password you don't want
to
expire after 42 days, goto the Account tab for that user and tick
"Password
Never Expires". Your password for that user should not expire from now
on.
There is a setting in the Default Domain Policy, called Maximum
Password
Age,
this by default is set to 42 which is why your passwords expire after
that
time.

Hope that helps.





.

Relevant Pages

  • Re: Password never expires-cant force user to change password
    ... Password policy on the domain for domain users is all or nothing. ... You want to implement a new password expiration policy. ... > Expire your departments manually. ... I'm just not a very good script writer and am not very confident. ...
    (microsoft.public.windows.server.active_directory)
  • RE: active directory password policy
    ... I wrote my own tool via a PHP script which does basically ... what the PEWA does *and* only sends it to the folks that are about to ... > about to expire. ... > Subject: active directory password policy ...
    (Focus-Microsoft)
  • Re: Using Old Fast Passes???
    ... Do you want the "official policy" answer or the "get away with every ... sneaky trick you can" answer? ... Official policy is that unused FPs expire no ...
    (rec.arts.disney.parks)
  • Re: Password Expiry Problems
    ... Password expirations are a calculated value based upon the maxPwdAge ... What happens then is that the PwdlastSet attribute gets set to 0 ... the time the policy was set. ... Our Group Policy was set to expire user passwords every 45 days. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Forcing Users To Change Passwords
    ... " Also, each user account specifies that their password will never expire, ... do I have to go change each of these user accounts? ... Group Policy override this? ... policy is in regards to settings associated with account lockouts. ...
    (microsoft.public.windows.server.active_directory)