Re: When will password policy take effect
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Fri, 09 Dec 2005 01:32:59 GMT
Hi Epigram,
Thanks for your reply.
I am glad to hear the problem is resolved.
It is my pleasure to work with you in this post. If you encounter any
difficulties in the future, please submit the post to the newsgroup. We
are glad to be of the assistance.
Again, thank you for using Microsoft newsgroup. Have a nice day. :)
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "epigram" <nobody@xxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| References:
<1133907486.16d8d9af19fb5fc458aec010d8b1332e@xxxxxxxxxxxxxxxxxxx>
<XQRwdhw#FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
<1133977542.a5d9e61a8317309e1b063a3cff1b6258@xxxxxxxxxxxxxxxxxxx>
<0fzrYH##FHA.1240@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: When will password policy take effect
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Lines: 234
| Checksum-MD5: 7f4a1756b87ff5f80f8b3286475c7500
| Message-ID:
<1134049158.7f4a1756b87ff5f80f8b3286475c7500@xxxxxxxxxxxxxxxxxxx>
| Date: Thu, 08 Dec 2005 13:39:18 +0000
| Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!nx01.ia
d01.newshosting.com!newshosting.com!news-out.octanews.net!teal.octanews.net!
66.150.105.36.MISMATCH!statler.nntpserver.com!news.nntpserver.com!not-for-ma
il
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:228723
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Crina,
|
| I don't have a problem here. All seems to work as expected, and I was
just
| commenting on what my results were. It appears that every user whose
| password didn't meet the new policy was forced to change their password
the
| next time they logged on. That makes sense. Also, as you pointed out,
and
| this should've been obvious to me, the admin account had the password
never
| expires checkbox so that is why a change wasn't forced there.
|
| Thanks!
|
|
| ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:0fzrYH%23%23FHA.1240@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Epigram,
| >
| > Thanks for your reply.
| >
| > To narrow down the problem, would you please help me collect the
following
| > information?
| >
| > 1. What detailed policy you have set on password policy?
| > 2. Check the user account:
| >
| > 1) Open Server Management, and then click Users.
| > 2) Double click a user account and then click Account tab.
| > 3) Check if you have selected User must change password at next logon.
| > 4) If so, uncheck the option and then try again.
| >
| > 3. Check the Administrator:
| >
| > 1) Double click Administrator and then click Account tab.
| > 2) Uncheck Password never expires and then check User must change
password
| > at next logon.
| > 3) Try to see if the policy took place.
| >
| > 4. Check what is the value of the Maximum password age on the group
Policy
| > Object Editor:
| > 5. Change the password to meet the policy for domain accounts, does the
| > situation occur?
| > 6. Please post a screen shot to newsgroup when the situation occurs.
| >
| > I am appreciated your time and I look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > --------------------
| > | From: "epigram" <nobody@xxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | References:
| > <1133907486.16d8d9af19fb5fc458aec010d8b1332e@xxxxxxxxxxxxxxxxxxx>
| > <XQRwdhw#FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: When will password policy take effect
| > | |
| > | Here is what I experienced after making the password policy update.
| > |
| > | 1) The policy took place as soon as any user attempted to log on to
the
| > | network.
| > | 2) The policy did not seem to apply to the admin account for my SBS.
| > |
| > |
| > | ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:XQRwdhw%23FHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi Epigram,
| > | >
| > | > Thank you for posting in SBS newsgroup.
| > | >
| > | > As I know, password policy only works on the user account which you
| > | > created
| > | > after the policy is enabled/applied. Existing user account can use
| > their
| > | > current, non-complex password. When the password reaches its max
age,
| > | > system will prompt users to change their password and at this time,
| > they
| > | > will be restricted by the policy.
| > | >
| > | > You may need to change the Maximum password age from domain
| > | > policy\security
| > | > settings\account policies, you can set it to 1 day and when every
user
| > | > logs
| > | > on, they will receive the message that the password will expire
today,
| > | > when
| > | > users changes their password, the password complexity policy
applies
| > to
| > | > all
| > | > users.
| > | >
| > | > Regarding Account Lockout Policy, by default, if your account gets
| > locked,
| > | > you may need to wait 30 minutes to end up locking yourself out. You
| > can
| > | > also use the following method:
| > | >
| > | > Suggestion 1:
| > | >
| > | > 1. When an account is locked, you can right click the user account
on
| > | > Server Management and then select Properties.
| > | > 2. On Account tan, click Account is locked out.
| > | >
| > | > Suggestion 2:
| > | >
| > | > 1. Expand Advanced Management | Group Policy Management | Forest |
| > Domains
| > | > | server name.
| > | > 2. Click Small Business Server Lockout Policy.
| > | > 3. Click Delegation tab, and then click Advanced.
| > | > 4. Select the administrator account and then Deny Apply Group
Policy
| > for
| > | > the account.
| > | >
| > | > Hope it helps and I look forward to hearing from you.
| > | >
| > | > Best regards,
| > | >
| > | > Crina Li (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | >
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | > --------------------
| > | > | From: "epigram" <nobody@xxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | Subject: When will password policy take effect
| > | > | |
| > | > | I'm going to update my password and account lockout policies (to
| > meet
| > | > the
| > | > MS
| > | > | "Recommended Account Lockout Settings" & "Recommended Password
| > Policy
| > | > | Settings" for Medium security found at
| > | > |
| > | >
| >
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
| > | > security/bpactlck.mspx#EQAA)
| > | > | and I'd like to know what will happen when users start to log in
| > after I
| > | > | make the change? For instance, will they immediately be forced to
| > | > update
| > | > | their passwords to meet the new criteria (if their current
password
| > | > | doesn't), or will this only occur once their current password
| > expires?
| > | > |
| > | > | Also, are there any typical mistakes a newbie admin might make in
| > this
| > | > | scenario? For instance, is there any way that I could end up
| > locking
| > | > myself
| > | > | out (i.e. the admin account gets locked for some reason)
| > | > |
| > | > | Thanks!
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- References:
- When will password policy take effect
- From: epigram
- RE: When will password policy take effect
- From: "Crina Li"
- Re: When will password policy take effect
- From: epigram
- Re: When will password policy take effect
- From: "Crina Li"
- Re: When will password policy take effect
- From: epigram
- When will password policy take effect
- Prev by Date: Re: Shadow Copy
- Next by Date: RE: Outllok Calendaring Problem
- Previous by thread: Re: When will password policy take effect
- Next by thread: Re: Localhost
- Index(es):
Relevant Pages
|
