Change password policy

Archived from groups: microsoft.public.win2000.security (More info?)

At this moment we have a domain with 300 users, no
password policy set so far, .Now we need to set a
password policy (minimun password 6 characters)

So, the problem is I need to find a way to do it
simultaneously on all users. On this way enforce all users
to change the password as soon as possible

Thanks any comments !
4 answers Last reply
More about change password policy
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Misaro wrote:

    > At this moment we have a domain with 300 users, no
    > password policy set so far, .Now we need to set a
    > password policy (minimun password 6 characters)
    >
    > So, the problem is I need to find a way to do it
    > simultaneously on all users. On this way enforce all users
    > to change the password as soon as possible
    Hi

    The password complexity policy is a domain security policy that
    will apply for all users at the same moment as you enable the
    policy.

    Then I would have used a script that expired all user's password
    so they was forced to change password next time they log on.

    If you need help with this script, say so, and describe your
    environment.

    1) Is this a NT4 or AD domain?

    2) If AD, are the users in the same container/OU or in few or
    spread around in many?

    3) Will you need to "spare" some users, or is it OK to do this
    on absolutely all users in the domain (and then you can eventually
    undo the "User must change password at next logon" on a few users
    using the admin GUI?


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    I need to apply it to all users in differents OU's at the
    same time .you talked about an script I would like to find
    it and if you can do it Explain me how may I use it ?

    Thanks !!


    >-----Original Message-----
    >Misaro wrote:
    >
    >> At this moment we have a domain with 300 users, no
    >> password policy set so far, .Now we need to set a
    >> password policy (minimun password 6 characters)
    >>
    >> So, the problem is I need to find a way to do it
    >> simultaneously on all users. On this way enforce all
    users
    >> to change the password as soon as possible
    >Hi
    >
    >The password complexity policy is a domain security
    policy that
    >will apply for all users at the same moment as you enable
    the
    >policy.
    >
    >Then I would have used a script that expired all user's
    password
    >so they was forced to change password next time they log
    on.
    >
    >If you need help with this script, say so, and describe
    your
    >environment.
    >
    >1) Is this a NT4 or AD domain?
    >
    >2) If AD, are the users in the same container/OU or in
    few or
    >spread around in many?
    >
    >3) Will you need to "spare" some users, or is it OK to do
    this
    >on absolutely all users in the domain (and then you can
    eventually
    >undo the "User must change password at next logon" on a
    few users
    >using the admin GUI?
    >
    >
    >--
    >torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    >Administration scripting examples and an ONLINE version of
    >the 1328 page Scripting Guide:
    >http://www.microsoft.com/technet/scriptcenter/default.mspx
    >.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    If you have an XP Pro computer on the domain you can install Adminpak for
    Windows 2003 on it, logon as domain admin [make sure computer is known
    secure] and use the Active Directory tools such as dsquery and dsmod for
    user to find users and set their accounts to require change password at next
    logon. You can pipe the results of dsquery to dsmod. --- Steve

    http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/dsquery_user.asp
    http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/dsmod_user.asp

    Examples
    To find all computers that have been inactive for the last four weeks and
    remove them from the directory, type:

    dsquery computer -inactive 4 | dsrm

    To find all users in the organizational unit
    OU=Marketing,DC=Microsoft,DC=Com and add them to the Marketing Staff group,
    type:

    dsquery user OU=Marketing,DC=Microsoft,DC=Com | dsmod group "CN=Marketing
    Staff,OU=Marketing,DC=Microsoft,DC=Com" -addmbr
    To find all users with names starting with "Mike" and display their office
    numbers, type:

    dsquery user -name Mike* | dsget user -office


    "Misaro" <anonymous@discussions.microsoft.com> wrote in message
    news:24ea01c512c3$2c24a950$a401280a@phx.gbl...
    > At this moment we have a domain with 300 users, no
    > password policy set so far, .Now we need to set a
    > password policy (minimun password 6 characters)
    >
    > So, the problem is I need to find a way to do it
    > simultaneously on all users. On this way enforce all users
    > to change the password as soon as possible
    >
    > Thanks any comments !
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Misaro wrote:

    > I need to apply it to all users in differents OU's at the
    > same time .you talked about an script I would like to find
    > it and if you can do it Explain me how may I use it ?
    Hi

    Put the VBScript below in a .vbs file and run it by double clicking on
    it in Explorer. It will put out a message box for each OU it is about
    to process (press OK to let the script continue).

    You will need to create a text file with the OU paths where there are
    users you want to expire the password for (update the path in the sFile
    variable to correct path/name).

    The text file with the OU list needs to be like this, each full OU path
    on a seperate line:

    OU=Spain,OU=Users
    OU=Test,OU=Spain,OU=Users


    The VBScript file:

    '--------------------8<----------------------


    Const OpenAsDefault = -2
    Const FailIfNotExist = 0
    Const ForReading = 1

    sFile = "c:\scripts\OUList.txt"

    Set oFSO = CreateObject("Scripting.FileSystemObject")

    Set fFile = oFSO.OpenTextFile(sFile, ForReading, _
    FailIfNotExist, OpenAsDefault)

    aOUs = Split(fFile.ReadAll, vbNewLine)
    fFile.Close

    ' Determine the DNS domain from the RootDSE object.
    Set oRootDSE = GetObject("LDAP://RootDSE")
    sDNSDomain = oRootDSE.Get("defaultNamingContext")

    ' verify that we can connect to all OUs before we start
    ' modifying the user objects
    For Each sOU In aOUs
    If sOU <> "" Then
    On Error Resume Next
    sLDAPPath = "LDAP://" & sOU & "," & sDNSDomain
    Set oTargetOU = GetObject(sLDAPPath)
    If Err.Number <> 0 Then

    MsgBox "Quitting (no users changed), could not connect to path " _
    & sLDAPPath, vbCritical + vbSystemModal, "Expire Password"
    WScript.Quit
    End If
    End If
    Next
    On Error Goto 0

    ' start changing the user objects
    For Each sOU In aOUs
    If sOU <> "" Then
    sLDAPPath = "LDAP://" & sOU & "," & sDNSDomain
    MsgBox "About to enumerate users in path " & sLDAPPath, _
    vbInformation + vbSystemModal, "Expire Password"
    Set oTargetOU = GetObject(sLDAPPath)
    oTargetOU.Filter = Array("user")
    For Each oUser In oTargetOU
    If Left(oUser.ObjectCategory, 9) = "CN=Person" Then
    oUser.pwdLastSet = Clng(0)
    ' Save changes
    oUser.SetInfo
    End If
    Next
    End If
    Next

    MsgBox "Done!", vbInformation + vbSystemModal, "Expire Password"


    '--------------------8<----------------------

    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
Ask a new question

Read More

Policy Security Microsoft Windows