
Implementing password change

Status
Not open for further replies.

ZipperHeadMan

IS-IT--Management
Apr 21, 2005
58
CA
Hi,

I would like to force a password change every 120 days, via Active Directory.

Do I have to configure a computer or user GPO to achieve this?

If it's a computer GPO, then how does AD recognize if a user has already been prompted to change their password?
 
Password policy can only be set at the domain root level for user accounts and it is set in the user config area.
 
porkchopexpress is right, but do not be fooled: You can set the security settings on every GPO level, but only the domain one will apply.
 
Sorry, that was a lie; it is set in the computer config area of the domain policy.
 
Oh yes, good point Loki1973, that can be very confusing. I think OU level settings will affect local user accounts but not domain accounts.
 
Hey thanks you two,

So, if I disable the password settings in the default domain GPO and configure a new GPO and link it to an OU further down the tree, will that work? Or will the default domain GPO override? I want to test this on a few machines first, not the whole domain. What do you think?

Second, if this is a computer GPO, what happens if a user has access to two or more PCs? Will they be prompted to change their passwords again? I don't want this to happen!
Can you elaborate?

Your insight is appreciated
TREE
 
No, I'm almost certain the only place that you can set this is in the Default Domain Policy or one linked at the same level. You will have to test it in a lab setup, I'm afraid.

The policy is set in the computer area of the policy but the info is stored in the Active Directory so they will only be prompted once.
 
Great!

Any thoughts on how I can force a "user must change password at next logon" across the masses?

Apart from configuring this on each user object, can I automate this for an entire OU of users? Or am I out of luck?

TREE
 
Yes you're right, I can.
But only in AD not after a user object search.

Thanks
 
How about implementing a grace login period like Novell supports. Does such an option exist in Windows?
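
An added example, not posted by any participant in this thread: one way to script the two tasks discussed above, the 120-day maximum password age at domain level and "user must change password at next logon" for every user in an OU. It assumes the ActiveDirectory PowerShell module (RSAT) is available; the domain name and OU distinguished name are placeholders.

```powershell
#Requires -Modules ActiveDirectory
param(
    # Assumed placeholder values; replace with your own domain and OU.
    [string]$Domain     = 'example.local',
    [string]$SearchBase = 'OU=Staff,DC=example,DC=local',
    [int]$MaxAgeDays    = 120,
    [switch]$Apply      # without -Apply every change runs with -WhatIf (dry run)
)

# 1. Maximum password age for domain accounts comes from the domain-level policy,
#    so it is read and set there rather than on an OU-linked GPO.
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
$wanted = New-TimeSpan -Days $MaxAgeDays
if ($policy.MaxPasswordAge -ne $wanted) {
    Write-Output "MaxPasswordAge is $($policy.MaxPasswordAge.Days) days, want $MaxAgeDays"
    Set-ADDefaultDomainPasswordPolicy -Identity $Domain -MaxPasswordAge $wanted -WhatIf:(-not $Apply)
}

# 2. Flag every enabled user under the OU to change password at next logon.
$users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
    -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires, CannotChangePassword

foreach ($u in $users) {
    if ($u.PasswordNeverExpires -or $u.CannotChangePassword) {
        # These account flags conflict with a forced change; report and move on.
        Write-Warning "Skipped $($u.SamAccountName): PasswordNeverExpires or CannotChangePassword is set"
        continue
    }
    # The flag is stored on the user object in AD, not on any one computer.
    Set-ADUser -Identity $u -ChangePasswordAtLogon $true -WhatIf:(-not $Apply)
}
```

Run it once without `-Apply` to review the "What if" output and the skipped accounts, then rerun with `-Apply` against a test OU first.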
 