Password policy

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Windows 2000 Server
I'm not very familar with Group Policies so please bear with me.
I've created a policy that forces a password change every 30 days, with a
minimum length and history for an OU (right now I'm the only user in the
OU). I would also like for this policy to force the first password change at
the next logon. Given the policy, with no other changes, I won't have to
change my password until 30 days from today, correct?? If I have the policy
in place and also enable "User must change password at next logon", then I
will be forced to change my password. After testing, I did have to change my
password but the policy did not take effect - the length and history didn't
take. Should the policy be take effect or not until the 30 days? The goal is
to have the policy take effect and force password change at next logon.
Thank you,
Cheryl
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Cheryl

You can't set password policy on an OU. Only at the domain level is this
allowed so that the entire domain is subject to the same settings.

A good reference is:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
news:uX%2361ROeEHA.2440@tk2msftngp13.phx.gbl...
> Windows 2000 Server
> I'm not very familar with Group Policies so please bear with me.
> I've created a policy that forces a password change every 30 days, with a
> minimum length and history for an OU (right now I'm the only user in the
> OU). I would also like for this policy to force the first password change
> at
> the next logon. Given the policy, with no other changes, I won't have to
> change my password until 30 days from today, correct?? If I have the
> policy
> in place and also enable "User must change password at next logon", then I
> will be forced to change my password. After testing, I did have to change
> my
> password but the policy did not take effect - the length and history
> didn't
> take. Should the policy be take effect or not until the 30 days? The goal
> is
> to have the policy take effect and force password change at next logon.
> Thank you,
> Cheryl
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

That's interesting because it's working. It seems as though I didn't give
the policy enough
time to replicate. I tried using the same password when I was prompted to
change it and a message popped up containing the exact password requirements
that are in the Group Policy that I created at the OU level. But, I am still
having a problem and maybe it's because of what you mentioned; Citrix users
logging in through NFuse are getting a credentials error with no option to
change their password. This same error does not occur if the user logs in
through Remote Desktop to the MetaFrame server. This question may be best
for Citrix.

Another question for you/the newsgroup, since this 'shouldn't work' at the
OU level, what would you suggest? Doing the same thing, force the user to
change the password at next logon by enabling "User must change..." but move
the policy to the domain level? Is there a way to force a password change
without enabling "User must change.." and/or do you think it should it be
done differently?

Thank you,
C


"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:uJkgjEPeEHA.3680@TK2MSFTNGP11.phx.gbl...
> Hi Cheryl
>
> You can't set password policy on an OU. Only at the domain level is this
> allowed so that the entire domain is subject to the same settings.
>
> A good reference is:
>
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
>
> Kind regards
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
> news:uX%2361ROeEHA.2440@tk2msftngp13.phx.gbl...
> > Windows 2000 Server
> > I'm not very familar with Group Policies so please bear with me.
> > I've created a policy that forces a password change every 30 days, with
a
> > minimum length and history for an OU (right now I'm the only user in the
> > OU). I would also like for this policy to force the first password
change
> > at
> > the next logon. Given the policy, with no other changes, I won't have to
> > change my password until 30 days from today, correct?? If I have the
> > policy
> > in place and also enable "User must change password at next logon", then
I
> > will be forced to change my password. After testing, I did have to
change
> > my
> > password but the policy did not take effect - the length and history
> > didn't
> > take. Should the policy be take effect or not until the 30 days? The
goal
> > is
> > to have the policy take effect and force password change at next logon.
> > Thank you,
> > Cheryl
> >
> >
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Cheryl

I think I'd just move the policy settings to the domain level and let things
run their course. When the user's current password (which complies with
your policy) becomes 30 days old, they'll be prompted to change it.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
news:OcZcxVVeEHA.720@TK2MSFTNGP11.phx.gbl...
> That's interesting because it's working. It seems as though I didn't give
> the policy enough
> time to replicate. I tried using the same password when I was prompted to
> change it and a message popped up containing the exact password
> requirements
> that are in the Group Policy that I created at the OU level. But, I am
> still
> having a problem and maybe it's because of what you mentioned; Citrix
> users
> logging in through NFuse are getting a credentials error with no option to
> change their password. This same error does not occur if the user logs in
> through Remote Desktop to the MetaFrame server. This question may be best
> for Citrix.
>
> Another question for you/the newsgroup, since this 'shouldn't work' at the
> OU level, what would you suggest? Doing the same thing, force the user to
> change the password at next logon by enabling "User must change..." but
> move
> the policy to the domain level? Is there a way to force a password change
> without enabling "User must change.." and/or do you think it should it be
> done differently?
>
> Thank you,
> C
>
>
> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> news:uJkgjEPeEHA.3680@TK2MSFTNGP11.phx.gbl...
>> Hi Cheryl
>>
>> You can't set password policy on an OU. Only at the domain level is this
>> allowed so that the entire domain is subject to the same settings.
>>
>> A good reference is:
>>
>>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
>>
>> Kind regards
>> --
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>> "Cheryl Mutschler" <cheryl.mutschler@bch-insurance.com> wrote in message
>> news:uX%2361ROeEHA.2440@tk2msftngp13.phx.gbl...
>> > Windows 2000 Server
>> > I'm not very familar with Group Policies so please bear with me.
>> > I've created a policy that forces a password change every 30 days, with
> a
>> > minimum length and history for an OU (right now I'm the only user in
>> > the
>> > OU). I would also like for this policy to force the first password
> change
>> > at
>> > the next logon. Given the policy, with no other changes, I won't have
>> > to
>> > change my password until 30 days from today, correct?? If I have the
>> > policy
>> > in place and also enable "User must change password at next logon",
>> > then
> I
>> > will be forced to change my password. After testing, I did have to
> change
>> > my
>> > password but the policy did not take effect - the length and history
>> > didn't
>> > take. Should the policy be take effect or not until the 30 days? The
> goal
>> > is
>> > to have the policy take effect and force password change at next logon.
>> > Thank you,
>> > Cheryl
>> >
>> >
>>
>>
>
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom