Password management

Hello all!

I need help regarding Password Management Policies, please!

So, think in the scenario where we have the AD domain, with some GPOs and default domain policy. No any password checking, requirement, etc... configured...

I know that a good practice is to create another GPO specific for password management, right? And do not editing the default, right?

So well, my user can use "123" as password, no validation, no enforcement, no lockout, nothing. everything working fine, without security :)

Now, I create a new GPO for security and make it applied to my users, with password length 8 char, 60 days for renew, 5 last for historic not use again, make complex with numbers, letters, special, etc...

And, I noticed that when my users block the computer for lunch, for example, when they come back to access, the account is locked. is this right? is there any way to prevent this issue? I noticed that some user that have the password like 123 or abc123 received locked and some others are not.

Any suggestion or ideas to make it working very transparent, soft to me and my users?

Thanks,

Diego


September 12th, 2015 2:40am

1. Let people change password according to new rules.

2. Change policy

3. Make sure that polisy is applied

4. Do not forget to let managers to approve policy before starting anything like changing policies ( Safety first including yours :-)  )

Regards

Milos

Free Windows Admin Tool Kit Click here and download it now
September 12th, 2015 3:10am

Hello Milos,

1 - here you are saying that I need to advice my users to create the new password according with the new requirements? So I need to trust that user will create the new password with the requirement?

2 - Here, I understand that after number 1 Ok, so I can change the policy in the AD (GPO)

Should be a way to have an option in the GPO that says just after next user expiration password the new requirements should be effect, right?

kindest regards,

Diego

September 12th, 2015 3:22am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics