Re: Password settings in AD Policies

Tech-Archive recommends: Speed Up your PC by fixing your registry

hello

if you set PwdLastSet to -1, this will change the pwdLastSet value to "now"
(without having to reset the password), which will give you another 90 days
(or domain policy) before they have to be reset, this may help if you wish
to distribute the spead of password resets.

Mark






"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:%23wHqRbssHHA.3640@xxxxxxxxxxxxxxxxxxxxxxx

"JD" <dopamine@xxxxxxxx> wrote in message
news:1182283081.435408.104900@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jun 19, 9:39 am, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"JD" <dopam...@xxxxxxxx> wrote in message

news:1182264426.878393.294900@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Jun 15, 1:44 pm, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"JD" <dopam...@xxxxxxxx> wrote in message

news:1181936182.940763.162930@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

if I turn on password expiration, will it add a checkmark to the "user
much change password" box?

No, that is your job and choice.

The reason I ask is I'd like to know if
there's a way to enable the requirement, but run a script to uncheck
that box on some ID's after the policy is enabled.

No, how would that make sense? You said password expire after N days
but you are saying "no they don't".

These settings are for ALL users in the domain.

Also - I want to confirm that ID's with the "Password never expires"
checkbox are NOT affected by any password expiration policies.

Those are NOT affected -- this is the only built-in exception to the
password being the same for all users -- you can set "never expires"
for individual users.

I understand what you're saying, but I was asking whether the OS
checks that box when a person's password expires.

No it doesn't.

In this case, does
that box appear checked for all users since all the passwords would
expire? If that's the case, I could go back and uncheck the boxes for
users whose passwords I don't want to expire. Get it?

No. The password is expired -- the fact that they must also change the
password has no direct connection to the property that separately forces
this.

I liked that you wrote "Affects ALL users" and "those users are NOT
affected" next to each other. :-)


Thanks for all your replies.





.

Relevant Pages

  • Re: Password expires for no apparent reason
    ... Nice to hear from you Mr. Brian Delaney long time no chat. ... You say that the admins have to reset the password, ... lost, account is locked out. ... min & max be the same for a password to expire at 120 days? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Reminders
    ... reset capability so if they forget the password or it expires they can reset ... The issue seems to be that the password reminder will flash up sating the ... is that their password will actually expire ... for the service desk operators to unlock and reset passwords and of course ...
    (microsoft.public.windows.server.general)
  • Password about to expire
    ... We are running Exchange 2003 on Windows 2003 Server, with the webmail feature ... expire, they try to log in and it tells them so. ... They are able to reset their password using the Webmail feature, ...
    (microsoft.public.exchange.admin)
  • Re: would there be alerts
    ... Doug, ... You are talking about needing to make a password last 36 weeks (180 days ... > Password policy is originally set to expire every 180 days. ... > When a user is hit by the reset, will he/she be notified that their ...
    (microsoft.public.win2000.security)
  • Re: active directory password policy
    ... Set the 'password does not expire' flag and make a note in your outlook ... calender to call them every few months and get them to reset the ... they're ever onsite) or via terminal services. ... > webmail via the Internet or an internal website to do timesheets via ...
    (Focus-Microsoft)