Default Domain Security Policy - Password Requirements
We plan on enabling complex passwords and requireing users to change their passwords every 90 days. We have a few thin clients that auto login to the network for clock in/out functionality. If there account is set to user cannot change password will it expire?Thanks,Jon
July 8th, 2009 10:33pm

Hello Jonathan,Yes, I think it will expire but, if you set to password never expires, then the change password policy will not affect that account.Isaac Oben MCITP:EA, MCSE
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2009 10:54pm

hi there, With the policy set as "User cannot change password " , password will expire and Isaac pointed you should make the policy as "password never expires"also set Enforce password history determines the number of unique new passwords a user must use before an old password can be reused. The value of this setting can be between 0 and 24; if this value is set to 0, enforce password history is disabled. For most organizations, set this value to 24 passwords. Passwords must meet complexity requirements determines whether password complexity is enforced. If this setting is enabled, user passwords meet the following requirements: The password is at least six characters long. The password contains characters from at least three of the following five categories: English uppercase characters (A Z) English lowercase characters (a z) Base 10 digits (0 9) Non-alphanumeric (For example: !, $, #, or %) Unicode characters The password does not contain three or more characters from the user's account name. If the account name is less than three characters long, this check is not performed because the rate at which passwords would be rejected is too high. When checking against the user's full name, several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. For each token that is three or more characters long, that token is searched for in the password; if it is present the password change is rejected. For example, the name "Erin M. Hagens" would be split into three tokens: "Erin," "M," and "Hagens." Because the second token is only one character long, it would be ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password. All of these checks are case insensitive. These complexity requirements are enforced upon password change or creation of new passwords. It is recommended that you enable this setting. hope this helps !sainath !analyze
July 9th, 2009 8:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics