How to setup auto password change


SacoTechnology
Sep 26, 2007
Hi

I would like to know if it is possible to set up an automatic password change requirement on a Windows Small Business Server so that users' login passwords must be automatically changed every 30 days.

If so any ideas where I can configure this?
 
I assume you mean that they will prompt the users to change them every 30 days and not automatically change them to something else every 30 days. For the latter solution, you would need to use some 3rd-party products.

To change the password expiration settings, you want to use the Domain Security Policy tool that you'll find in the Admin tools list. Go into Account Policies within that tool, and choose Password policies next. There you can set the Maximum Password Age. Users will be prompted to change their password 15 days before the change is required.

Personally, I think 30 days may be too often. Because they will be reminded that their password is going to expire after 15 days, they will be getting that reminder fully half the time if they wait till day 30 to change it. Studies have also shown that frequent password changes aren't always a good security strategy since users tend to write short-term passwords down much more frequently, and when they do change them, they only change one character of the password.


The Sarbanes-Oxley law doesn't mandate periodic password changes. Nor do the Securities and Exchange Commission rules implementing the law. Nor does the "guidance" issued by the Public Company Accounting Oversight Board, the nonprofit corporation that Sarbanes-Oxley created to regulate audit firms. Nonetheless, password changes have become a standard feature of management strategies to demonstrate compliance with the law....

Deloitte & Touche USA LLP, for example, recommends that companies require employees to change passwords at least once every three months, and more often if the process can be automated.

I would agree that 90 days is a better password age window, but your environment may have special needs.

ShackDaddy
Shackelford Consulting
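
A way to confirm the Maximum Password Age setting described in the reply above and see which accounts it actually reaches. This is an added example, not part of the original thread: it assumes the ActiveDirectory PowerShell module is available (RSAT, or Windows Server 2008 R2 and later), and `$WarnDays` is a reporting window chosen here for illustration.

```powershell
# Added example: report the domain Maximum Password Age and each enabled
# account's password expiry status. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$WarnDays = 15   # assumed reporting window, not a value read from policy

# Default domain policy, the same value shown under
# Account Policies > Password Policy in the policy editor.
$policy = Get-ADDefaultDomainPasswordPolicy
$maxAge = $policy.MaxPasswordAge          # TimeSpan; zero means "never expires"
"Maximum Password Age: {0} days" -f $maxAge.Days

if ($maxAge -eq [TimeSpan]::Zero) {
    Write-Warning 'Maximum Password Age is 0: domain passwords never expire.'
    return
}

$now   = Get-Date
$users = Get-ADUser -Filter 'Enabled -eq $true' `
                    -Properties PasswordLastSet, PasswordNeverExpires

$report = foreach ($u in $users) {
    $expires = $null
    if ($u.PasswordNeverExpires) {
        # Per-account flag overrides the policy; service accounts often have it.
        $status = 'Exempt (PasswordNeverExpires)'
    } elseif (-not $u.PasswordLastSet) {
        $status = 'Must change at next logon'
    } else {
        $expires  = $u.PasswordLastSet + $maxAge
        $daysLeft = ($expires - $now).TotalDays
        if     ($daysLeft -lt 0)         { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $status = 'Expiring soon' }
        else                             { $status = 'OK' }
    }
    [pscustomobject]@{
        User    = $u.SamAccountName
        Status  = $status
        Expires = $expires
    }
}

# Note: accounts covered by a fine-grained password policy may differ
# from the default domain value used in this calculation.
$report | Sort-Object Status, Expires | Format-Table -AutoSize
```

Accounts listed as exempt are not subject to the expiry policy at all, so review them separately.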
 
Thanks, will try today.

Yes, we are required to change our passwords very often due to the nature of what information can be accessed. (Legal company)
 
Just wanted to let you know that it appeared to work well.

Thanks for the help!
 
Just wanted to let you know of another option: you could go with an economical secure password solution like AuthAnvil that will have the users combine a private PIN with a regularly changing code on a key fob. Normally this is an enterprise solution, but it's been sliding down the market and is now affordable for small-midsized businesses.


ShackDaddy
Shackelford Consulting
 