Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Password never expires

Posted on 2011-09-09
4
Medium Priority
?
1,024 Views
Last Modified: 2012-05-12
We have half of our users who’s passwords where set to never expire during our Win7 roll out. There is an existing policy to force passwords to change every 90 days. Most of these accounts are pass the 90 days from the time the check box for never expire was implemented. If We unchecked the box and with that policy in place what is the expected behavior?

- Will they be locked out immediately and be forced to log off and change their password?
    - What about remote users? Are they locked out until they get back on the domain?
- Or is the 90 days policy reset upon unchecking the box and accounts will not need to change until 90 from now?

What's the best way to avoid having all these user forced to recreate their passwords?
0
Comment
Question by:SteveKauffman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36512609
They would need to change their password the next time they log off/logon.  They would not be locked out immediately.

I'd make sure to communicate the password policy and give them plenty of advanced notice.

Thanks

Mike
0
 
LVL 3

Expert Comment

by:arifkayaca
ID: 36518807
As mkline71 said, if you unchecked the box, your user's account will not locked and remote users exactly same.

I think the best way is set maximum password age to 0 from your password policy settings, in this way your users avoid recreate their passwords.


I hope this will usefull, good luck.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 36519313
Wait. You are only unchecking "password never expires", right? Then nothing would happen for ninety days, the counter starts right then. If they are offline and connect to the domain again a few days later, the countdown would have work manwhilst, because it resides on the domain controller which is never offline.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 36519320
Oops, sorry, I totally blew it ;)
The counter in fact uses the "password last set" attribute, so (again no matter if offline or not) you might have passwords that expire at once.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question