Re: Password Policy Enforcement Question
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Sat, 17 Nov 2007 06:53:51 -0000
Hi
-When you change the rules, those rules will be applied to user s the next
time they try to change their Password (regarding to complexity option).
-The password expiration is calculated by comparing the policy to the
pwdLastSet attribute and checking the current time and date at the point of
authentication.
- password last changed date + maximum password age
- For example if you change the password expiration to 60 days, anyone who
last changed their password 60 or more days ago will be expired when you
implement the policy. If you have not expired passwords in the past, this
could expire most users.
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"Paul" <pauldi@xxxxxxxx> wrote in message
news:5837d853-14e0-4b46-8bc0-eda8fdf8046c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Greetings,
I am about to implement a strict password policy on my Windows 2003 AD
domain. I was wondering if this takes effect immediately and will
lock out all users without "strong" passwords, or if it will allow the
old passwords to remain active for the period outlined in the policy
and then require a strong password upon expiration.
If it is the former, is there a way to prevent this? I have no doubt
in my mind that the majority of users have weak passwords and locking
them all out at once would be bad. Thanks.
.
- References:
- GPO: Password Policy Enforcement Question
- From: Paul
- GPO: Password Policy Enforcement Question
- Prev by Date: Re: Expand DHCP Scope
- Next by Date: Re: error message trying to log into dc after rebooting dc
- Previous by thread: GPO: Password Policy Enforcement Question
- Next by thread: RE: ntfs permissions and AD restore password
- Index(es):
Relevant Pages
|
