password policy question
Hello, I'm using secedit.exe as part of some automation scripts to apply a security template to servers (2003/2008/2008R2). The security template is setting some password policy elements. Taking password complexity requirements as an example, what happens when a password policy is applied that current user accounts do not comply with? Will their existing non-compliant passwords just stay in place and work until the user goes to change their password? Which means without a policy forcing them to change their password they could remain non-compliant indefinitely. My particular situation is dealing with local accounts, no domain involved, not your typical corp scenario.
April 9th, 2010 12:35am

Hi, Afaik, the existing passwords will still work until such time that these passwords expire or when the users change their passwords where they will have to comply with your complexity requirements. If you want to force the users to change passwords immediately, you may need to run a script to set the PwdLastSet property of all your user accounts to 0. Regards,Salvador Manaois IIIMCSE MCSA MCTS MCITP C|EH CIWA ----------------------------------------------------------------------------Bytes & Badz: http://badzmanaois.blogspot.comMy Passion: http://flickr.com/photos/badzmanaoisMy Scripting Blog: http://sgwindowsgroup.org/blogs/badz
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2010 7:33am

Salvador is correct. If needed, you can also choose to set an expire time so that all users will need to change password next time logon the computer.
April 9th, 2010 8:32am

Thanks Salvador and Shaon. That's what I needed to know.
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2010 4:09pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics