Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Policy 3

Status
Not open for further replies.
riddock55

riddock55

IS-IT--Management
Dec 15, 2007
20
0
0
GB
Hi,

2 Questions..

1) I need to change the password policy of our windows 2003 domain. If users have "password never expires" option ticked in their user accounts, will group policy over ride this if I put a max password age of 6 months on it?

2)Can remote users connected to network via VPN chnage their passwords any way?

Thanks
Nick
 
Sort by date Sort by votes
Having a user account with the "password never expires" check-box turned on basically bypasses what you have set in your group policy.

(my guess) - Remote users connected via a VPN connection should be able to change their passwords manually but only if the appropriate ports and protocols are allowed over the VPN tunnel. The more I think about this though the more I don't think it's possible because they have to log-in to their machines before the VPN connection is even established. This means they are using a local account or cached network credentials. Good question someone else may be better able to answer.

Good luck,
 
Upvote 0 Downvote
If they are using cached network credentials then they can change their password. Once connected to the VPN and hence the domain, they can press CTL+ALT+DEL and choose change password. After the password is changed, they can lock the computer and then unlock it with the new password. That will sync the new password to the laptop.

(And the previous is correct that "password never expires" wins out over password age)
 
Upvote 0 Downvote
Thanks Guys..

Another question if you dont mind..

When I change the max password age to 6 months, will this affect the accounts after I deselect the password never expires options.

ie will the passwords take into account the length of time they have already been active..

I hope this makes sense.
 
Upvote 0 Downvote
Yes, when user logs in, last password change date (pwdLastSet attribute) is checked against current password policy. If last password change date +6 months have passed current date, the user will get prompted to change his password.
Most other password policy settings, eg password min/max length are only enforced during next password change.

Lukasz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
53
strongm
strongm
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
51
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
39
TECHMAN007
TECHMAN007
rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
75
rrmcguire
rrmcguire
RdFromK
  • Locked
  • Question
GroupPolicy error 1065 with Windows SBS CSE Policy
Replies
2
Views
66
RdFromK
RdFromK

Part and Inventory Search

Sponsor

Back
Top