Password Policy

[Greg]

Archived from groups: microsoft.public.win2000.security (More info?)

We are about to implement password policy on our domain
and I had a quick question or two. When the password is
about to expire, by default how many days notice will it
give the user before it expires (Win2k domain)? When the
password does expire can we configure the policy to allow
them to over-ride changing it a few times before it
insists that the change happen?

Thanks!

-greg

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

The default warning period is 14 days as defined in the security options of the
appropriate security policy. There is no way to temporarily give users an override
when they are told their password has expired - they must change it then to logon or
access resources in the domain. Any users who have "password never expirers" in their
user account properties will not be subject to maximum password age and after you
implement a maximum password age, the affected users that have a password older than
the maximum will have their password immediately expire. Be sure to warn users of
impending change. A user can use the " net user username " command to find out when
their password expires and you can use the free Dumpsec tool from SomarSoft with the
dump users feature to find out the age of you users passwords and a whole lot
more. --- Steve

http://www.somarsoft.com/

"Greg" <anonymous@discussions.microsoft.com> wrote in message
news:04b601c496d3$0b495e40$a401280a@phx.gbl...
> We are about to implement password policy on our domain
> and I had a quick question or two. When the password is
> about to expire, by default how many days notice will it
> give the user before it expires (Win2k domain)? When the
> password does expire can we configure the policy to allow
> them to over-ride changing it a few times before it
> insists that the change happen?
>
> Thanks!
>
> -greg