• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 651
  • Last Modified:

Maximum Password Age

I have a stand alone Windows 2000 workstation.  This machine does not access the network.  I want to change the MaximunPasswordAge from the default 42days to 90days.  When I go into Local Security Setting, Password Policy, right click on Maximum Password Age there are 2 places that need to be changed.  Security settings and Effective settings.  I am logged on as Adminstrator and I change the security settings to 90 days.  The effective settings is still 42 days until I reboot.  Then both the Security settings and Effective settings register 90 days.  For some reason the change does not stay.  My user gets notification to change his password 28 days later and when I go back into Local security setting, password policy the settings are back to 42 days.   Does anyone have any ideas?  Thanks.
0
grandma1
Asked:
grandma1
  • 10
  • 9
1 Solution
 
Pete LongConsultantCommented:
start >run >gpedit.msc

whats in

computer config >windows settings > security settings > account policies > password policy

Pete
0
 
Pete LongConsultantCommented:
by defalt this is set to 42 days - "The Maximum Password Age" value
0
 
grandma1Author Commented:
Pee

"The Maximun Password Age" value is the default 42 days.  I want to change the default and have it stay.  Thanks
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
grandma1Author Commented:
Sorry Pete, my finger didn't hit properly.
0
 
Pete LongConsultantCommented:
double click the value and change it to 90, if it then returns to 42 its being imposed on the server by GPO or domain security policy
0
 
grandma1Author Commented:
Hi Pete, both I and my supervisor have changed it to 90 and it does return to 42.  I cannot see how it would be imposed on the server by GPO or domain security policy as it is not attached to the network.  I don't have a cable attached to the box but maybe I am missing something?  Thanks
0
 
Pete LongConsultantCommented:
>> I cannot see how it would be imposed on the server by GPO or domain security policy as it is not attached to the network.  I don't have a cable attached to the box but maybe I am missing something?

Has it ever been attached to a network? if so it will keep the domain security settings?
0
 
Pete LongConsultantCommented:
Maximum Password Age: Maximum password age determines how long users can keep a password before they have to change it. The aim is to periodically force users to change their passwords. When this feature is used, set a value that makes sense for the specific network environment it is being applied to. Generally, a shorter period is used when security is very important and a longer period when security is less important.

The default expiration date is 42 days; however, it can be set to any value from 0 to 999. A value of zero specifies that passwords do not expire. Although it may be tempting to set no expiration date, users should change passwords regularly to ensure the network's security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days
From http://www.microsoft.com/technet/security/topics/issues/w2kccadm/acctpol/w2kadm07.mspx
0
 
Pete LongConsultantCommented:
and just so we are not missing the obvious - you are logged in with administrative priveledges arnt you?
0
 
luv2smileCommented:
Just for kickers...even tho I know it doesn't have an active network connection:

Right click my computer, properties, comptuer name, and then click "change" - to rename the comptuer or join a domain

What do you see here? Does it have checked that the comptuer is a member of a domain or a workgroup?

0
 
grandma1Author Commented:
Yes I am logged on with administrative privileges.  
0
 
grandma1Author Commented:
luv2smile,

Yes it is checked that it is a member of a workgroup.
0
 
grandma1Author Commented:
Pete,

It was attached to the network when it was set up in the beginning.  A Novell Network.  We are not on a domain according to my network administrator.
0
 
Pete LongConsultantCommented:
>> A Novell Network

was there Novell Zenworks policies enforced?
0
 
grandma1Author Commented:
My network administrator says yes
0
 
Pete LongConsultantCommented:
Ouch, that can be hidden anywhere in the registry :( does the server have a Novell Client on it?
0
 
grandma1Author Commented:
Pete, We run Netware on our Server.  My network administrator says the workstations have the Novell Client.  We are running 4.9 on the workstations. Should I try attaching the machine to the network and try something different?  Thanks  
0
 
Pete LongConsultantCommented:
If its a standalond remove the netware client (you dont need it) remove it from the network card properties (ie select novell and click remove) then try again
0
 
grandma1Author Commented:
Hi Pete,  It has been a couple of weeks, but I uninstalled the client like you suggested and checked it both last week and this week and the maximum password age is still at 90 days.  Thanks so much.
0
 
Pete LongConsultantCommented:
ThanQ
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now