Announcement

Collapse
No announcement yet.

Adding and Enforcing password policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding and Enforcing password policy

    At the moment all users have passwords but i want to enforce complex passwords ie min 8 characters, etc..

    Once make these changes to the domain policy, will it only effect new passwords created or will it look at existing passwords and prompt the user to change.

    I suppose i could enforce a password change across the domain to enforce this chnage but as some users already have suitable passwords i was wondering if there is a way round it.

    Regards

    Richard

  • #2
    Re: Adding and Enforcing password policy

    Richie,

    It will only come into effect when the user has to change their password. All users who have passwords that dont match the 'Complex' requirement will be OK untill they are forced to next xhange their password.

    I suppose it's up to you whether you want to force all users to change their password straight away after you implement the complex password. I would also advise all users of the change and what the requirements of the new password are.

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Adding and Enforcing password policy

      To select the users you need to have complax passwords, you could use a logon script only for those users. Or set the complax password option manually if there are only a few users and then set the password to be changed at next logon.
      Michael
      Forensic IT Consultant

      Comment


      • #4
        Re: Adding and Enforcing password policy

        If you have Win 2003 than forcing to change password is simple:

        Use this command line code

        dsmod user "cn=username, ou=orgunit, dc=domain, dc=local" -mustchpwd yes

        if users have enabled password never expires then first you must disable it via same command

        dsmod user "cn=username, ou=orgunit, dc=domain, dc=local" -pwdneverexpires no
        Arber I. Ibrahimi

        Comment

        Working...
        X