Re: Password aging

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance


Thank you for all responses. We have many laptop users using VPN. When they first login to the laptop, they'll use the cached credentials, then they may login to VPN, if their password is set to expire, will they get a prompt to change password in a middle of a session? Or will the system set a flag next time when the system is rebooted?

If it's set to change pwd on next reboot, they won't be able to change as the laptop will not be connected to the corporate network at the time. How should this be handled?

Thanks again for your help.


"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx> wrote in message news:OIoRkDbIKHA.2516@xxxxxxxxxxxxxxxxxxxxxxx
Depending on how many users you have you may want to tread lightly. If no one has ever changed there password and they are all over 90 days you could end up flooding your help desk with phone calls.

Your password change policy will take effect once the password has aged out and yes the local never expires will over for your service accounts.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Newbie" <newbie@xxxxxxxxxxxxxxxx> wrote in message news:%23JuBkBaIKHA.1492@xxxxxxxxxxxxxxxxxxxxxxx
We'll be implementing password aging soon, if a user never changed the AD password for 1 year, I set the maximum age to 90 days. Will the password be expired the day the policy is enabled? Or it will be 90 days once the policy is set?

For all service accounts, if I check off "Password never expires", this will override the setting set by domain policy?

Thanks for your input.



.

Relevant Pages

  • Re: Local Account & Password Policy Options Greyed out for Admins?
    ... Local Security Policy. ... their password if their user account is configured for password never ... expires. ... >I looked at the laptop today, figuring I'd just use the Group Policy Editor ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Local Account & Password Policy Options Greyed out for Admins?
    ... I've run several different domains over the years, NT 351 - Win2003, and I'd never heard of not being able to override password expiration in the user account settings, either. ... Reboot the computer and you should be able to change password policy in Local Security Policy. ... I have never seen or heard of a user having to change their password if their user account is configured for password never expires. ... Anyway, I looked at the laptop today, figuring I'd just use the Group Policy Editor to change to password expiration and lockout policies. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Remote Workplace
    ... Please ensure the laptop located in LAN network and joined the domain, ... Click Select Remote Users, ensure the user is in the users list. ... quotation marks) on the computer and then logoff and logon the laptop. ... The error "The local policy of this system does not permit you to log on ...
    (microsoft.public.windows.server.sbs)
  • Re: Vista LAPTOP client and SBS 2003 Environment
    ... So you're trying to join the laptop without disabling the sleep/hibernate ... From a group policy perspective, ... turn off the power management restrictions in the SBS Windows ... to the Windows Vista computer to see if there is such a Power Management ...
    (microsoft.public.windows.server.sbs)
  • Re: Folder Redirection Problem
    ... laptop group policy not being applied ... check the laptop settings and verify the SBS server is the only DNS ... Next try a manual "gpudate /force" to try to get the policy ...
    (microsoft.public.windows.server.sbs)