Implement Password policy - Server 2008 R2 Domain

Posted on 2011-10-04
Last Modified: 2012-08-13
I would like to implement a password policy on our domain.
Min 8 Characters
Upper, Lower case Letters and numbers
Can't use previous 4 passwords.

First question, where do I implement this in Server 2008 GP?

Second question, if I implement now, will all users imediatly be prompted to change? or can I give them X days to do it? We have a lot of roaming users, so need to give them a chance to come into the office and change before it expires.
Question by:Mayogroup
    LVL 24

    Accepted Solution

    Here is the steps to meet your requirement.

    Once you implement the policy then it will start working from next login or next reboot.

    Author Comment

    We are using Xenapp for published apps and desktops also. So this may present a problem. The users will be able to log into their local PC outside the office, but when they try stream a Xenapp App or desktop, it will not be able to reset their password.


    Author Comment

    Is it possible to implement the policy, but the users not have to change until the password expires next? So then they will have the 14 days prompts to change?
    LVL 24

    Expert Comment

    by:Sekar Chinnakannu
    Once you implement the policy xenapp will popup users to change the policy based on your policy  configuration. Policy start working based on your policy configuration.

    Author Comment

    This will be fine for everyone logged onto Xenapp at the time I assume. But everyone that is not logged on, I guess they wont be able to.

    Also our roaming users all pass through our Proxy server for browsing. There is definitely no way to implement the policy where it gives everyone notice before hand?

    Author Comment

    If anyone knows how to implement this policy but give the users X days to change their password the 1st time that would be great.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will show how to inventory, catalog, and restore media from legacy versions of Backup Exec into both 2012 and 2014 versions of the software. Select Storage from the tabs along the ribbon bar as the top: Ensure the proper storage devi…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now