Solved

Password policy on Server 2008

Posted on 2014-11-25
5
168 Views
Last Modified: 2014-11-25
Hi,
I have a Server 2008 domain with about 20 users on it. Up to now they have all had their password set to not expire in AD, we want to now introduce a password policy. If I enable a password policy of say for example change every 180 days and deploy it - will that immediatley force the users to change their passwords or will they get prompted in 180 days from when the policy is active?

Thanks
Andrew
0
Comment
Question by:activateahsd
  • 3
  • 2
5 Comments
 
LVL 28

Accepted Solution

by:
becraig earned 500 total points
ID: 40464472
Short answer immediately

From my testing these settings can be seen by the user without logon, logoff, reboot, or GPO refresh.  As soon as the policy is written and replicated (FGPP or Domain policy) changes to the following settings will be in effect and can impact immediately or very soon.

   Minimum password age
    Maximum password age

    Lockout duration
    Lockout threshold
    Observation window

Good reading.
http://blogs.technet.com/b/askpfeplat/archive/2013/10/11/active-directory-password-policies-when-does-a-password-policy-change-affect-a-user.aspx
0
 

Author Comment

by:activateahsd
ID: 40464479
thats what i thought - thanks!
0
 

Author Closing Comment

by:activateahsd
ID: 40464480
:)
0
 
LVL 28

Expert Comment

by:becraig
ID: 40464492
Bear in mind the assumption here is the user has never changed the password, as such the AD will determine if last change is older than your policy date and force the change.

That being said since you will not know when the last change occurred if at all, it is safest to assume this can and will take immediate effect and act accordingly to minimize impact / downtime.
0
 

Author Comment

by:activateahsd
ID: 40464497
yep understood.
Thanks again...
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now