ENFORCE NEW PASSWORD POLICY

dirkdigs
dirkdigs used Ask the Experts™
on
Old password policy: NONE

New password policy:
Enforce password history: 24 passwords rememebred
Max password Age: 180 days
Min password Ag: 1 days
Min password length: 8 chars
Password must meet complexity req.: Enabled
Store password using reversible encryption: Enabled

Environment: Server 2003 / XP Pro / Windows Domain

What can I do to ensure that users who HAVE NOT adjusted their passwords are unable to login to the network until they do.

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Check "Must change password on next logon" for all users.
The current password can not be checked against the policy.
Top Expert 2013

Commented:
You could go in and set the users so that
"users must change password at next logon" is checked.  That will ensure they have to change it and your new settings would be forced.
Give them some notice before you do that, maybe a few broadcast messages letting them know about the change and that on a certain date they will all be forced to change their passwords etc.
I'm all for complex passwords but you also don't want a bunch of angry users.
Thanks
Mike

Author

Commented:
ok so what do i do for the users who have already made the change. because this will force them to change their passwords as well right?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2013

Commented:
yeah it will,  did they just change it on their own?   You didn't have a max password age set before.
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Those you obviously don't need to set the flag; you just need to know who changed the password already ...
You can register acctinfo.dll, which adds a new tab "Additional Account Info" to a user's ADUC dialog, including information about the password age.
Account Lockout and Management Tools
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Author

Commented:
ya i sent out emails asking users to change the passwords; i neevr checked must chnage at next logon. today i found out some users have not changed their passwords still...If theres a way I can make it so only the users with old passwords are forced to chnage then that would be ideal. and the users who have chnaged it dont need to come up with a new password this soon.

Author

Commented:
registered the .dll - dont see an "Additional Account Info" Tab

Author

Commented:
nevermind. works. thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial