[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Password difficulty and Password change frequency

Posted on 2006-03-22
Medium Priority
Last Modified: 2013-12-04
Hi all,

I was testing the password policy for windows 2000 server and somthing has happened which i want to undo.

1. users are all getting different password change message time, they used to have to change it on the same day with a warning over a few days or more now they get a same day warning.

2. I enforced complexity and it only accepts certain complex passwords that should be accepted.

I want to be able to make sure the users are all prompted at the same times for password change and that it is accepting the passwords they enter.

the password requirements are 6 characters with numbers and letters


Question by:CyberIDentity
  • 3

Accepted Solution

Jeff Beckham earned 2000 total points
ID: 16262930
Unless you go and expire all users passwords with a script, users will be prompted to change them based on your max password age and when they decide to change their passwords once they start receiving warnings that they'll need to change them within X days.

The "X" number of days can be changed by updating the default domain policy GPO with the following setting:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Prompt user to change password before expiration

Also, password complexity means 2 out of 3 of: mixed-case, numbers and punctuation in addition to no part of the user's logon ID or name.

Expert Comment

by:Jeff Beckham
ID: 16262950
Actually, changing this setting to 0 might lock your users out, requiring you to go in and unlock their accounts.  You probably don't really want this to happen.

You might rather want a script that runs, forcing users to change their password at next logon.

Expert Comment

by:Jeff Beckham
ID: 16263012
If you were running Windows Server 2003 on your DCs you'd be able to use dsquery/dsmod commands to force a change at next logon.  However, since you're running Windows 2000 Server, you could still use a VB Script to accomplish the task.  See http://www.computerperformance.co.uk/ezine/ezine23.htm#Force%20users%20to%20change%20password for an example script.

Author Comment

ID: 16263078

Thanks for the fast and detailed responses.

I will put them in the grinder for processing :)



Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question