Server password age - without a policy

microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late! 

Subject Author Date Server password age - without a policy Hutchy 05-07-2006  Re: Server password age - without a policy Steven L Umbach 05-07-2006  Re: Server password age - without a policy Hut 05-07-2006

Posted by Hutchy on May 7, 2006, 9:33 pm Please log in for more thread options Hypothetically speaking... If you have a 0 day password age policy (passwords dont expire) ... ... and you decide to make it 30 days ... What happens to users who have passwords that havent been changed in over 30 days? ... do they get asked immediately, next logon to change their passwords? ... or will a grace period apply? I assume its immediately, but before 2000 users scream at me, I want to know for sure. Thankyou. Posted by Steven L Umbach on May 7, 2006, 11:01 pm Please log in for more thread options Their passwords will immediately expire so that change is something you want to plan for and to communicate to users. Also any user that has their account figured for "password never expires" will not be subject to the maximum password age. The command net user username will show when a user last set their password and free tools like Dumpsec from SomarSoft can show reports with such info for your users. --- Steve http://www.somarsoft.com/ --- Dumpsec show/hide quoted text > Hypothetically speaking... > If you have a 0 day password age policy (passwords dont expire) ... > ... and you decide to make it 30 days ... > What happens to users who have passwords that havent been changed in over > 30 > days? > ... do they get asked immediately, next logon to change their passwords? > ... or will a grace period apply? > I assume its immediately, but before 2000 users scream at me, I want to > know > for sure. > Thankyou. Posted by Hutchy on May 7, 2006, 11:29 pm Please log in for more thread options Thankyou Steven. This is what I needed to know. "Steven L Umbach" wrote: show/hide quoted text > Their passwords will immediately expire so that change is something you want > to plan for and to communicate to users. Also any user that has their > account figured for "password never expires" will not be subject to the > maximum password age. The command net user username will show when a user > last set their password and free tools like Dumpsec from SomarSoft can show > reports with such info for your users. --- Steve > > http://www.somarsoft.com/ --- Dumpsec > > > Hypothetically speaking... > > If you have a 0 day password age policy (passwords dont expire) ... > > ... and you decide to make it 30 days ... > > What happens to users who have passwords that havent been changed in over > > 30 > > days? > > ... do they get asked immediately, next logon to change their passwords? > > ... or will a grace period apply? > > I assume its immediately, but before 2000 users scream at me, I want to > > know > > for sure. > > Thankyou. > > > Similar Threads Posted Password Policy require server restart March 11, 2006, 9:37 am GPO - password policy - Urgent February 2, 2006, 11:34 am Apply or modify password policy December 26, 2006, 7:37 pm Windows 2003 domain password policy September 26, 2006, 9:53 pm Password Security Policy for Local on Window 2003 March 14, 2008, 4:10 pm Re: Password management policy when an admin left the company ? June 8, 2009, 10:00 am Password management policy when an admin left the company ? June 8, 2009, 9:54 am Re: Password management policy when an admin left the company ? June 9, 2009, 7:23 am Domain Password Policy - Ensuring Service Accounts Don't Get Locked Out January 13, 2010, 3:49 pm IAS server and group policy November 2, 2005, 11:04 am