grandma1
asked on
Maximum Password Age
I have a stand alone Windows 2000 workstation. This machine does not access the network. I want to change the MaximunPasswordAge from the default 42days to 90days. When I go into Local Security Setting, Password Policy, right click on Maximum Password Age there are 2 places that need to be changed. Security settings and Effective settings. I am logged on as Adminstrator and I change the security settings to 90 days. The effective settings is still 42 days until I reboot. Then both the Security settings and Effective settings register 90 days. For some reason the change does not stay. My user gets notification to change his password 28 days later and when I go back into Local security setting, password policy the settings are back to 42 days. Does anyone have any ideas? Thanks.
by defalt this is set to 42 days - "The Maximum Password Age" value
ASKER
Pee
"The Maximun Password Age" value is the default 42 days. I want to change the default and have it stay. Thanks
"The Maximun Password Age" value is the default 42 days. I want to change the default and have it stay. Thanks
ASKER
Sorry Pete, my finger didn't hit properly.
double click the value and change it to 90, if it then returns to 42 its being imposed on the server by GPO or domain security policy
ASKER
Hi Pete, both I and my supervisor have changed it to 90 and it does return to 42. I cannot see how it would be imposed on the server by GPO or domain security policy as it is not attached to the network. I don't have a cable attached to the box but maybe I am missing something? Thanks
>> I cannot see how it would be imposed on the server by GPO or domain security policy as it is not attached to the network. I don't have a cable attached to the box but maybe I am missing something?
Has it ever been attached to a network? if so it will keep the domain security settings?
Has it ever been attached to a network? if so it will keep the domain security settings?
Maximum Password Age: Maximum password age determines how long users can keep a password before they have to change it. The aim is to periodically force users to change their passwords. When this feature is used, set a value that makes sense for the specific network environment it is being applied to. Generally, a shorter period is used when security is very important and a longer period when security is less important.
The default expiration date is 42 days; however, it can be set to any value from 0 to 999. A value of zero specifies that passwords do not expire. Although it may be tempting to set no expiration date, users should change passwords regularly to ensure the network's security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days
From http://www.microsoft.com/technet/security/topics/issues/w2kccadm/acctpol/w2kadm07.mspx
The default expiration date is 42 days; however, it can be set to any value from 0 to 999. A value of zero specifies that passwords do not expire. Although it may be tempting to set no expiration date, users should change passwords regularly to ensure the network's security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days
From http://www.microsoft.com/technet/security/topics/issues/w2kccadm/acctpol/w2kadm07.mspx
and just so we are not missing the obvious - you are logged in with administrative priveledges arnt you?
Just for kickers...even tho I know it doesn't have an active network connection:
Right click my computer, properties, comptuer name, and then click "change" - to rename the comptuer or join a domain
What do you see here? Does it have checked that the comptuer is a member of a domain or a workgroup?
Right click my computer, properties, comptuer name, and then click "change" - to rename the comptuer or join a domain
What do you see here? Does it have checked that the comptuer is a member of a domain or a workgroup?
ASKER
Yes I am logged on with administrative privileges.
ASKER
luv2smile,
Yes it is checked that it is a member of a workgroup.
Yes it is checked that it is a member of a workgroup.
ASKER
Pete,
It was attached to the network when it was set up in the beginning. A Novell Network. We are not on a domain according to my network administrator.
It was attached to the network when it was set up in the beginning. A Novell Network. We are not on a domain according to my network administrator.
>> A Novell Network
was there Novell Zenworks policies enforced?
was there Novell Zenworks policies enforced?
ASKER
My network administrator says yes
Ouch, that can be hidden anywhere in the registry :( does the server have a Novell Client on it?
ASKER
Pete, We run Netware on our Server. My network administrator says the workstations have the Novell Client. We are running 4.9 on the workstations. Should I try attaching the machine to the network and try something different? Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Pete, It has been a couple of weeks, but I uninstalled the client like you suggested and checked it both last week and this week and the maximum password age is still at 90 days. Thanks so much.
ThanQ
whats in
computer config >windows settings > security settings > account policies > password policy
Pete