True, but short of running password audit tools it is the only way to guarantee that all users meet the new complexity requirement.
-Jeff On Thu, Aug 26, 2010 at 11:28 AM, Ken Schaefer <[email protected]> wrote: > That’s not quite the same as what Ben’s asking for. It will force everyone > to change their password, regardless of whether their current password meets > the new requirement or not. > > > > Cheers > > Ken > > > > *From:* David Mazzaccaro [mailto:[email protected]] > *Sent:* Thursday, 26 August 2010 10:42 PM > > *To:* NT System Admin Issues > *Subject:* RE: Minimum password length GPO > > > > Ah.. great idea! > > thx! > > > > > ------------------------------ > > *From:* Kennedy, Jim [mailto:[email protected]] > *Sent:* Thursday, August 26, 2010 10:37 AM > *To:* NT System Admin Issues > *Subject:* RE: Minimum password length GPO > > You can also just mass select the accounts in ADUC, right click properties > and hit the checkbox for must change password at next login. That is how I > did our migration to more complex passwords. That let me do it a department > at a time and control the help desk load. > > > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Thursday, August 26, 2010 10:35 AM > *To:* NT System Admin Issues > *Subject:* Re: Minimum password length GPO > > > > Change the password age. :) > > > > That'll take impact rather quickly. > > > > *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > *Exploiting Technology for Business Advantage...* > * * > > Signature powered by > <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> > WiseStamp<http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> > > > > > On Thu, Aug 26, 2010 at 9:48 AM, Ben Scott <[email protected]> wrote: > > On Thu, Aug 26, 2010 at 9:42 AM, David Mazzaccaro > <[email protected]> wrote: > > If a default domain policy GPO states "min password length is 7" and I > > change it to "min password length 8"… what will happen to those users who > > are currently using 7 characters? > > Password policy is enforced when a password is changed, not at > logon. So existing passwords which do not meet password policy will > continue to work. > > It would be nice to have an option to re-check passwords at logon > and force a change if non-complaint with current policy, but that > doesn't exist, AFAIK. > > > > > . > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
