Maximum Password Age

Maximum Password Age

Post by OregonStev » Wed, 12 Feb 2003 07:00:59



Greetings-

Shortly after we implemented AD, we configured the Maximum Password Age for
all our OUs to 180 (we do it on the OU level because we have different
departments with different requirements).   I've gone in and changed this
setting to Not Defined, but when I run 'net accounts /domain' from my
workstation it lists:

Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 180
Minimum password length: 0
Length of password history maintained: 1
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: BACKUP

The command completed successfully.

I've ran GPupdate and even rebooted on my workstation but with no change.
I've verified that this setting is Not Defined in AD. Do you know of a way
to get this turned off on the workstation?

Thanx
OregonSteve

 
 
 

Maximum Password Age

Post by Gavi » Wed, 12 Feb 2003 10:30:51


Steve,

I beleive the Maximun password age is part of the Default Domain Policy that
is set at the root of your domain, this will apply to all Sites and OU's in
your domain. The only way to overide this i believe is to make sure you have
the "do not inherit" enabled for each OU.

HTH
Gavin..


Quote:> Greetings-

> Shortly after we implemented AD, we configured the Maximum Password Age
for
> all our OUs to 180 (we do it on the OU level because we have different
> departments with different requirements).   I've gone in and changed this
> setting to Not Defined, but when I run 'net accounts /domain' from my
> workstation it lists:

> Force user logoff how long after time expires?: Never
> Minimum password age (days): 0
> Maximum password age (days): 180
> Minimum password length: 0
> Length of password history maintained: 1
> Lockout threshold: Never
> Lockout duration (minutes): 30
> Lockout observation window (minutes): 30
> Computer role: BACKUP

> The command completed successfully.

> I've ran GPupdate and even rebooted on my workstation but with no change.
> I've verified that this setting is Not Defined in AD. Do you know of a way
> to get this turned off on the workstation?

> Thanx
> OregonSteve


 
 
 

Maximum Password Age

Post by Leo Vasilio » Wed, 12 Feb 2003 10:47:23


What Gavin says is correct, with one additional detail.  These security
settings are set on a per domain basis and will still propogate regardless
of any settings (block policy inheriance / do not override) you have on
individual OU's.

These settings include stuff like password length, password expiration, etc.

-leo


> Steve,

> I beleive the Maximun password age is part of the Default Domain Policy
that
> is set at the root of your domain, this will apply to all Sites and OU's
in
> your domain. The only way to overide this i believe is to make sure you
have
> the "do not inherit" enabled for each OU.

> HTH
> Gavin..



> > Greetings-

> > Shortly after we implemented AD, we configured the Maximum Password Age
> for
> > all our OUs to 180 (we do it on the OU level because we have different
> > departments with different requirements).   I've gone in and changed
this
> > setting to Not Defined, but when I run 'net accounts /domain' from my
> > workstation it lists:

> > Force user logoff how long after time expires?: Never
> > Minimum password age (days): 0
> > Maximum password age (days): 180
> > Minimum password length: 0
> > Length of password history maintained: 1
> > Lockout threshold: Never
> > Lockout duration (minutes): 30
> > Lockout observation window (minutes): 30
> > Computer role: BACKUP

> > The command completed successfully.

> > I've ran GPupdate and even rebooted on my workstation but with no
change.
> > I've verified that this setting is Not Defined in AD. Do you know of a
way
> > to get this turned off on the workstation?

> > Thanx
> > OregonSteve

 
 
 

1. Maximum Password age blowing up

We just set the "Maximum Password Age" setting to 90 days in our "Default
Domain Policy". It used to be "Not Defined". Now everyone is being prompted
to change thier password.The problem is that when they attempt to change the
pasword and click OK, they get an error message that thier account is locked
out?? I then have to go and unlck it and manually put in thier password???
The Minimum Password Age is 0 days. Enforce password history is "Not
Defined", Pasword Complexity is "Not Defined, Account lockout Threshold is
"10 invalid attempts" For some reason the account is getting locked out as
soon as they are prompted to change thier password, but because its locked
out, they can't change them. HELP

2. VTxxx datasheets

3. Maximum Password Age

4. Does anyone know...

5. confusion over maximum password age....

6. Tombraider2

7. Maximum Password Age

8. Linked lists and read/write?

9. Force maximum password age on only some users???

10. Password Age Setting

11. password age

12. 2000 Pro user passwords age

13. default domain GPO, password aging