Link to home
Start Free TrialLog in
Avatar of itsupport1144
itsupport1144

asked on

Domain password policy .vs. Active Directory user profile account "password never expires"

I have some concerns regarding modification to an existing GPO policy that retains the settings for passwords. I will be modifiing the policy to enforce stronger complexity requirements. this is only policy driving password restrictions as im sure there can only be one at the domain level.

 My question is: "Password Never Expires" is checked off for every user account, will the GPO setting override Password Never Expires in the user account forcing the user to change thier password or even possibly locking out the accounts? I am in a Windows 2008 AD. My current policy will be overwritten by the new settings and most my users don't meet the complexity that I will be implementing.
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jake77444
jake77444

As mkline said it will only require them to make a more complex password the next time they change it.  But remember if "Password Never Expires" they are not required to change it so they could leave it the same forever.  Editing the GP shouldn't lock the accounts out or cause any effects of that nature.

You could simply remove password never expires from all users, expire all passwords and force them to change the passwords.
Avatar of itsupport1144

ASKER

Mike...perfect just what i wanted to hear. I was almost certain what you stated was correct before i even posted but just needed that verification before I throw the switch on...Thank you guys very much for your prompt reponse.

Jake,

Yes at the moment everbody dose have the password never expires checked off but that is why i'm taking care of this task to remove what's currently in place and not cause chaos for all my end users.