No, I was just saying that the minimum password age is useful in conjunction with enforced password history, as others have pointed out and I guess I didn't make clear.
________________________________ From: Sean Rector [mailto:[email protected]] Sent: Tuesday, April 28, 2009 12:13 PM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? I think you're thinking of Enforce Password History. Sean Rector, MCSE From: Ralph Smith [mailto:[email protected]] Sent: Tuesday, April 28, 2009 12:05 PM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? I think the idea is that if you prohibit the reuse of the same password for x number of changes, this prevents the user from cycling through several consecutive changes in order to be able to use the same password they started with, thus defeating the policy requiring password changes. ________________________________ From: Michael B. Smith [mailto:[email protected]] Sent: Tuesday, April 28, 2009 11:58 AM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? I don't think the behavior is as you expect. Fire up a virtual AD and check. :-) But I still think it's silly. YMMV. ________________________________ From: Jeremy Anderson [[email protected]] Sent: Tuesday, April 28, 2009 11:39 AM To: NT System Admin Issues Subject: Password Policy - - how do you handle this? The security guy is insisting that we set the Min Password Age to 1 day. I agree in theory that this is a swell idea, but in practice, I think it will be a disaster. We have users that forget their passwords every other day (Don't ask) and company politics that are going to let this bad habit continue. Admins reset the password, and set the flag that says "Must change password on next logon" I say, that the user will never get prompted to reset the next time they login, or that changing it will fail, because the password is now less than one day old. Security guy says "Not having that set is a bad idea, other companies do it, make it happen" How do you guys deal with this? Thanks Jeremy Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. Information Technology Manager Virginia Opera Association E-Mail: [email protected] <mailto:[email protected]> Phone: (757) 213-4548 (direct line) {+} Virginia Opera's 35th Anniversary Season <http://www.vaopera.org> The One You Love Celebrate with a 2009-2010 Subscription: La Bohème <http://www.vaopera.org/html/currentoperas/opera1.cfm> , The Daughter of the Regiment <http://www.vaopera.org/html/currentoperas/opera2.cfm> , Don Giovanni <http://www.vaopera.org/html/currentoperas/opera3.cfm> and Porgy and BessSM <http://www.vaopera.org/html/currentoperas/opera4.cfm> Visit us online at www.vaopera.org <http://www.vaopera.org> or call 1-866-OPERA-VA ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} Confidentiality Notice: ---------------------------------- This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
