Setting password policy - knock-on effects?
The password policy at my place of work has (until today) been very relaxed for example the minimum password length is currently 2 characters and I want to change that to something more robust.
If there are service account passwords in place that are currently 2 characters and I change the length required to 7. Will those passwords require changing?
July 16th, 2012 11:23am
hi Richard,
As a good practice you should set those passwords (resource,/service accounts) to 'never expire' before implementing the policy to avoid such issues.
hope this helps,David
:: Please vote if the info helped you :: Please post back so everyone can benefit from the solution ::
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2012 1:19pm
Hi,
> If there are service account passwords in place that are currently 2 characters and I change the length
> required to 7. Will those passwords require changing?
Password policy must be defined at domain level and password policy will be applied to client at next group policy refresh. But password policy is take effect at next time change password.
So services account password isnt need change immediately, password policy will take effect at next time you change password, and 2 characters password is not allowed.
We recommend that service accounts have Password never expires option enabled and use strong passwords.
For more information please refer to following MS articles:
Understanding User Accounts
http://technet.microsoft.com/en-us/library/cc755130.aspx
Effects of machine account replication on a domain
http://support.microsoft.com/kb/175468
Changing the Maximum Machine Account Password Age with Windows 2000 Server Group Policy
http://social.technet.microsoft.com/Forums/en-CA/winserverGP/thread/e6a234d6-532d-4f84-93f0-1e717e7f8316Lawrence
TechNet Community Support
July 17th, 2012 2:44am