Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

In DC - user must change password at next logon

Posted on 2012-12-22
3
Medium Priority
?
669 Views
Last Modified: 2012-12-27
Dear All,

Good Day,

When new user accounts are created, we set a temporary password and check the "User must change password at next logon" box on the user account. In this default domain policy, account passwords expire every 30 days or not. if not how to set account passwords expire every 30 days.

Waiting for your reply

Thanks
Kumar
0
Comment
Question by:Ram Kumar Chellam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Accepted Solution

by:
achaldave earned 334 total points
ID: 38716033
You need to configure password policy GPO, if you are going to use same policy for all users in domain then you can use default domain policy otherwise you need to create different policies and apply them to OUs.
If you change default domain policy, make sure you set "password never expired" option on service accounts otherwise you need to change service accounts password and reconfigure services every X number of days specified in the policy. When set option "Password never expires" the option overrides the group policy setting applied to account.

http://technet.microsoft.com/en-us/library/cc736605%28WS.10%29.aspx
0
 
LVL 2

Assisted Solution

by:Ganpar
Ganpar earned 334 total points
ID: 38716037
You can check the default domain policy setting on

http://technet.microsoft.com/en-us/library/4695b475-f87e-45c5-93c7-49af2f94215f(v=ws.10)#BKMK_Pwd

You can edit this policy using gpmc tool. If you have windows server 2003 download GPMC -

http://www.microsoft.com/en-us/download/details.aspx?id=21895

Please note you must be a member of "Domain Admin" or "Enterpriese Admin" group
0
 
LVL 41

Assisted Solution

by:footech
footech earned 332 total points
ID: 38716660
Unless your domain functional level is 2008 you can only have one password policy for all users.  If the level is 2008+, then you can utilize fine-grained password policies to apply to different users.
http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question