Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Maximum Password Age

Posted on 2011-02-26
10
Medium Priority
?
660 Views
Last Modified: 2012-05-11
Hi, I am trying to setup security policies on a XP machine and I have the following question.  I have two accounts (both Admin) but one with a blank password, and the other with a regular password.  I need to enforce a "maximum password age" policy, and I found where you set that up in the registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]

Open in new window

maximumpasswordage

Open in new window

but my real question is, if I have this set to say 90 days, will it enforce this policy for any accounts that have a "blank" passwords or only for one's that have a real password associated with the account.

My issue is, the account with the blank password needs to auto-login everytime, and I don't want to have a situation where on day 90 it does not auto-login and hangs-up because it needs to have a password changed...

Please help :)
0
Comment
Question by:arunykand
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 10

Accepted Solution

by:
abbright earned 2000 total points
ID: 34987594
I believe that the password expiry options acts on all accounts whether they have a password set or not. If you want to prevent this for a single account you can set the "password never expires" option on the account itself. Then it won't expire even after the 90 days.
0
 
LVL 41

Expert Comment

by:graye
ID: 34987595
I'm pretty sure that the Maximum Password Age is a "global" setting... that affects all acounts.

So, I'd be thinking that it *would* mess up your auto-login at the end of 90 days
0
 

Author Comment

by:arunykand
ID: 34987618
Ok, so I would go to the account ( via control userpasswords2) with the blank password and check the 'password never expires' and then make the registry edit that I mentioned above, and that will enforce the password expiry date globally, but will not affect any accounts with the 'pwd never expires' option checked? Is that correct?

BTW, i've noticed that if I run the reg mod I mentioned in my post, it changes the reg entry, but it does not change maximum password age under local security settings, why is that?
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 10

Expert Comment

by:abbright
ID: 34987641
yes to the first question. Regarding the second there is a long discussion about this topic here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22066588.html
0
 

Author Comment

by:arunykand
ID: 34987673
Ok got it for the first one....Now regarding the second question I had, so which one applies for maximum password age, the one that is set in the registry, or the one that is set in local security settings? (This is a stand-alone WinXP pc, no domain, etc)?  (Registry says 90 days, local sec settings displays 42)
0
 

Author Comment

by:arunykand
ID: 34987786
Not sure if I should update the maximum password age via registry or via local security settings since updating the registry does not seem to update the other and I was trying to avoid doing this manually via local security settings.
0
 
LVL 10

Expert Comment

by:abbright
ID: 34987878
I'm not sure what the registry value does. I'd use the local security setting as that's the "official" way to do it.
0
 

Author Comment

by:arunykand
ID: 34987889
Hmm, that's what I was afraid of.....I was hoping for ease of use, have all my mods in a reg file and just execute that instead of messing around with local security settings.  
0
 
LVL 10

Expert Comment

by:abbright
ID: 34988333
Here's a link from Microsoft giving you the right registry setting: http://support.microsoft.com/kb/555540/en-us
0
 

Author Comment

by:arunykand
ID: 34988363
Thanks for the help!
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question