Password difficulty and Password change frequency

Hi all,

I was testing the password policy for windows 2000 server and somthing has happened which i want to undo.

1. users are all getting different password change message time, they used to have to change it on the same day with a warning over a few days or more now they get a same day warning.

2. I enforced complexity and it only accepts certain complex passwords that should be accepted.

I want to be able to make sure the users are all prompted at the same times for password change and that it is accepting the passwords they enter.

the password requirements are 6 characters with numbers and letters


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeff BeckhamEngineerCommented:
Unless you go and expire all users passwords with a script, users will be prompted to change them based on your max password age and when they decide to change their passwords once they start receiving warnings that they'll need to change them within X days.

The "X" number of days can be changed by updating the default domain policy GPO with the following setting:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Prompt user to change password before expiration

Also, password complexity means 2 out of 3 of: mixed-case, numbers and punctuation in addition to no part of the user's logon ID or name.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeff BeckhamEngineerCommented:
Actually, changing this setting to 0 might lock your users out, requiring you to go in and unlock their accounts.  You probably don't really want this to happen.

You might rather want a script that runs, forcing users to change their password at next logon.
Jeff BeckhamEngineerCommented:
If you were running Windows Server 2003 on your DCs you'd be able to use dsquery/dsmod commands to force a change at next logon.  However, since you're running Windows 2000 Server, you could still use a VB Script to accomplish the task.  See for an example script.
CyberIDentityAuthor Commented:

Thanks for the fast and detailed responses.

I will put them in the grinder for processing :)


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.