Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Password policy on Server 2008

Posted on 2014-11-25
5
Medium Priority
?
185 Views
Last Modified: 2014-11-25
Hi,
I have a Server 2008 domain with about 20 users on it. Up to now they have all had their password set to not expire in AD, we want to now introduce a password policy. If I enable a password policy of say for example change every 180 days and deploy it - will that immediatley force the users to change their passwords or will they get prompted in 180 days from when the policy is active?

Thanks
Andrew
0
Comment
Question by:activateahsd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 40464472
Short answer immediately

From my testing these settings can be seen by the user without logon, logoff, reboot, or GPO refresh.  As soon as the policy is written and replicated (FGPP or Domain policy) changes to the following settings will be in effect and can impact immediately or very soon.

   Minimum password age
    Maximum password age

    Lockout duration
    Lockout threshold
    Observation window

Good reading.
http://blogs.technet.com/b/askpfeplat/archive/2013/10/11/active-directory-password-policies-when-does-a-password-policy-change-affect-a-user.aspx
0
 

Author Comment

by:activateahsd
ID: 40464479
thats what i thought - thanks!
0
 

Author Closing Comment

by:activateahsd
ID: 40464480
:)
0
 
LVL 29

Expert Comment

by:becraig
ID: 40464492
Bear in mind the assumption here is the user has never changed the password, as such the AD will determine if last change is older than your policy date and force the change.

That being said since you will not know when the last change occurred if at all, it is safest to assume this can and will take immediate effect and act accordingly to minimize impact / downtime.
0
 

Author Comment

by:activateahsd
ID: 40464497
yep understood.
Thanks again...
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question