Solved

Password policy on Server 2008

Posted on 2014-11-25
5
173 Views
Last Modified: 2014-11-25
Hi,
I have a Server 2008 domain with about 20 users on it. Up to now they have all had their password set to not expire in AD, we want to now introduce a password policy. If I enable a password policy of say for example change every 180 days and deploy it - will that immediatley force the users to change their passwords or will they get prompted in 180 days from when the policy is active?

Thanks
Andrew
0
Comment
Question by:activateahsd
  • 3
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40464472
Short answer immediately

From my testing these settings can be seen by the user without logon, logoff, reboot, or GPO refresh.  As soon as the policy is written and replicated (FGPP or Domain policy) changes to the following settings will be in effect and can impact immediately or very soon.

   Minimum password age
    Maximum password age

    Lockout duration
    Lockout threshold
    Observation window

Good reading.
http://blogs.technet.com/b/askpfeplat/archive/2013/10/11/active-directory-password-policies-when-does-a-password-policy-change-affect-a-user.aspx
0
 

Author Comment

by:activateahsd
ID: 40464479
thats what i thought - thanks!
0
 

Author Closing Comment

by:activateahsd
ID: 40464480
:)
0
 
LVL 29

Expert Comment

by:becraig
ID: 40464492
Bear in mind the assumption here is the user has never changed the password, as such the AD will determine if last change is older than your policy date and force the change.

That being said since you will not know when the last change occurred if at all, it is safest to assume this can and will take immediate effect and act accordingly to minimize impact / downtime.
0
 

Author Comment

by:activateahsd
ID: 40464497
yep understood.
Thanks again...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question