Implement Password policy - Server 2008 R2 Domain

I would like to implement a password policy on our domain.
Min 8 Characters
Upper, Lower case Letters and numbers
Can't use previous 4 passwords.

First question, where do I implement this in Server 2008 GP?

Second question, if I implement now, will all users imediatly be prompted to change? or can I give them X days to do it? We have a lot of roaming users, so need to give them a chance to come into the office and change before it expires.
MayogroupAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
Here is the steps to meet your requirement.

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx.

Once you implement the policy then it will start working from next login or next reboot.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MayogroupAuthor Commented:
Appreciated.
We are using Xenapp for published apps and desktops also. So this may present a problem. The users will be able to log into their local PC outside the office, but when they try stream a Xenapp App or desktop, it will not be able to reset their password.

Suggestions?
0
MayogroupAuthor Commented:
Is it possible to implement the policy, but the users not have to change until the password expires next? So then they will have the 14 days prompts to change?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Sekar ChinnakannuStaff EngineerCommented:
Once you implement the policy xenapp will popup users to change the policy based on your policy  configuration. Policy start working based on your policy configuration.
0
MayogroupAuthor Commented:
This will be fine for everyone logged onto Xenapp at the time I assume. But everyone that is not logged on, I guess they wont be able to.

Also our roaming users all pass through our Proxy server for browsing. There is definitely no way to implement the policy where it gives everyone notice before hand?
0
MayogroupAuthor Commented:
If anyone knows how to implement this policy but give the users X days to change their password the 1st time that would be great.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.