We help IT Professionals succeed at work.

Password difficulty and Password change frequency

CyberIDentity
on
Medium Priority
748 Views
Last Modified: 2013-12-04
Hi all,

I was testing the password policy for windows 2000 server and somthing has happened which i want to undo.

1. users are all getting different password change message time, they used to have to change it on the same day with a warning over a few days or more now they get a same day warning.

2. I enforced complexity and it only accepts certain complex passwords that should be accepted.

I want to be able to make sure the users are all prompted at the same times for password change and that it is accepting the passwords they enter.

the password requirements are 6 characters with numbers and letters

Thanks

CyberIDentity
Comment
Watch Question

Engineer
CERTIFIED EXPERT
Commented:
Unless you go and expire all users passwords with a script, users will be prompted to change them based on your max password age and when they decide to change their passwords once they start receiving warnings that they'll need to change them within X days.

The "X" number of days can be changed by updating the default domain policy GPO with the following setting:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Prompt user to change password before expiration

Also, password complexity means 2 out of 3 of: mixed-case, numbers and punctuation in addition to no part of the user's logon ID or name.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Jeff BeckhamEngineer
CERTIFIED EXPERT

Commented:
Actually, changing this setting to 0 might lock your users out, requiring you to go in and unlock their accounts.  You probably don't really want this to happen.

You might rather want a script that runs, forcing users to change their password at next logon.
Jeff BeckhamEngineer
CERTIFIED EXPERT

Commented:
If you were running Windows Server 2003 on your DCs you'd be able to use dsquery/dsmod commands to force a change at next logon.  However, since you're running Windows 2000 Server, you could still use a VB Script to accomplish the task.  See http://www.computerperformance.co.uk/ezine/ezine23.htm#Force%20users%20to%20change%20password for an example script.

Author

Commented:
Jebckham,

Thanks for the fast and detailed responses.

I will put them in the grinder for processing :)

Thanks

CyberIDentity
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.