Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is the impact to change the policy Maximum Password Age 60 Days to 0 Day?

Posted on 2014-12-16
6
Medium Priority
?
150 Views
Last Modified: 2014-12-16
Hello everyone,

I need to change temporarily to complete a migration password policy Maximum Password Age 60 Days to 0 days.

What will be the impact on users?

You will be prompted immediately for users to change the password?

I tried to find some official Microsoft document and found nothing about it.

Could someone show me an official documentation on the impact of this change?

Thank you very much.
0
Comment
Question by:lucianolima
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 24

Assisted Solution

by:Phillip Burton
Phillip Burton earned 1000 total points
ID: 40502464
I believe that 0 days means "never expires". In other words, they won't be prompted to change the password, because they don't need to.

See http://technet.microsoft.com/en-gb/library/cc736566%28v=ws.10%29.aspx for more information.
0
 
LVL 7

Expert Comment

by:HaiFai
ID: 40502467
If you set it to 0 password neverexpire so minimum days is 1 max 998

http://technet.microsoft.com/en-us/library/cc736566%28v=ws.10%29.aspx
0
 
LVL 1

Author Comment

by:lucianolima
ID: 40502511
I had also found such documentation, but they are not clear regarding the exchange I need to do.

In theory I agree with you and make much sense this, but as I cannot reproduce this scenario and particularly I have never done this type of change to 0 days I am concerned about the impact this may cause to users.

Has anyone done this in practice?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 24

Accepted Solution

by:
VB ITS earned 1000 total points
ID: 40502516
Yep, I have. Setting it to 0 days just means their passwords will never expire as stated above. They will continue to be able to use their existing password without any issues.
0
 
LVL 1

Author Closing Comment

by:lucianolima
ID: 40502525
Thank you very much All.

I will make the changes in the days and warning everyone about the result.
0
 
LVL 1

Author Comment

by:lucianolima
ID: 40502594
Hello everyone,

I was able to reproduce the changes in a lab environment.

Before you change the Password Policy I ran the command:

net user% USERNAME% / domain

The result was display the expiration date of the account:

Password Expires --> 1/13/2015 10:00:30 PM

Then I changed the Password Policy and execute gpupdate/force in Domain Controller and ran the command again and the result was showing that the password never expires.

Password Expires --> Never
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question