Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password expiration

Status
Not open for further replies.
sirlance

sirlance

MIS
Joined
Sep 17, 2002
Messages
36
Location
US
Hello,

I need to create a password change policy in my AD environment, but don't have much experience with it. I think currently, it has a default of 30 or 42 days if I don't check "password never expires".

First, where can I find that setting to manipulate that number of days.
Second, is there a global place where I can uncheak everyone with the setting "password never expires" or do I need to create a policy to override the setting. Or am I just SOL and need to uncheck this box.
Third, if this is a policy that will override, is it possible to bar certain users to the policy?
And last (I hope), I have a trusted domain that was orginally NT (Updated domain from 4.0 to mixed mode). Will that policy cover both domains?

Thanks
I hope it wasn't too confusing...

Lance
 
Sort by date Sort by votes
Start, Run, MMC. Add remove snap-ins, add Local Computer Policy. Under that, tree down to windows settings, security settings. and account policies. Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"A person often meets his destiny on the road he took to avoid it."
Jean de La Fontaine (1621-1695); French poet.
 
Upvote 0 Downvote
Thanks. Can anybody help with the other parts?
 
Upvote 0 Downvote
security policies are bound by domain limits. Implementing this policy in DomainA will not affect users in a trusted DomainB.
There is no global place to uncheck the "password never expires".
If you place a password policy at the domain level, ALL domain members are affected by it, regardless of whether you say "block inheritance" at an OU level. If you leave the domain level policy undefined or less strict, then you can set OU level password policies that will effectively "override" the domain....
 
Upvote 0 Downvote
Thanks All. I have an additional question.

I also have systems that do not belong to any domain (Workgroup), but use Exchange (thus needing to enter login info when lauching Outlook). When a password expires, 1) I assume that the user of such system will get message, correct, and 2) will that user be able to successfully change the password at that time? I ask, because we have trouble for such users of system like this when just reseting a password. They would need to login to a domain box to do so.

Thanks All
 
Upvote 0 Downvote
The latter of your statements holds true. They will NOT be prompted, and they will need to logon to the domain to change the password...
 
Upvote 0 Downvote
You should really consider rethinking you securtiy policy
There are reasons users should continue to change their passwords on a regular basis.

Just because managment doesn't like it should make you just bypass basic network security measures
 
Upvote 0 Downvote
Thanks all. I appreciate your help and comments.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question Question
Windows server 2019 password locked
Replies
1
Views
397
strongm
strongm
penguinroundup
  • Locked
  • Question Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
424
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question Question
RD Web Password Change
Replies
0
Views
298
TECHMAN007
TECHMAN007
scmoh
  • Locked
  • Question Question
Password Expire Email Alert
Replies
3
Views
292
disturbedone
disturbedone
lorel
  • Locked
  • Question Question
Can not type loggin and password after connecting to 3002 via Terminal services
Replies
1
Views
232
technome
technome

Part and Inventory Search

Sponsor

Back
Top