Question

Locked

Complex Passwords

By jbm ·
What can I expect from my network users once I enable complex passwords on our Win2003 Active Directory Domain? Will users be locked out? Will users be asked to change their passwords? Or will logon be unchanged until the users 60 days are up (I have set that passwords must be changed every 60 days...)?
Thanks JBM

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Lots of complaints

by Maevinn In reply to Complex Passwords

Lots. LOTS. Trust me. Everyone will gripe, so offer them some advice on how to choose a complex password that they can remember.

You will see a slight increase in suers getting locked out, particularly if you choose to implement this during the holidays when so many people are gone for an extended period. Simple solution--wait until after the holidays. Talk with HR (or whoever keeps track of this) and find out when the fewest people are taking leave to implement this.

You can control if they have to change their password immediately, or wait until the time period expires. It won't lock them out unless they change it and immediately forget. I prefer to force them all to do it at once--yes, means you're busy solving lots of problems for a few days, but to me, that's better than having one to 2 to deal with each day for 60 days.

Collapse -

Send advance notification.....

by torstentb In reply to Lots of complaints

I agree to Mavyn's statement. I would also suggest you compose a simple "Password Policy" stating what the requirements for a complex password are and how it is going to be implemented. Send this out befor you make the changes and wait for possible feedback from your users. That way you can collect the questions and concerns, out it in a FAQ which you can easily refer to when users have questions after the change.

Collapse -

Complex Passwords

by ywawi In reply to Complex Passwords

i think the are three criteria for windows 2003 server ..
1- Complex pass word.
2- Password Expier.
3- User inter pass word on the first start up .
i think that's it ,but we had too inter a Complex.
when u create a user u can just let him choose his owen Password and from active directory right click on the OU or On USER then properties then u can choose complex Password or remove The Comples Password.

Collapse -

Complex Passwords

by ywawi In reply to Complex Passwords

i think the are three criteria for windows 2003 server ..
1- Complex pass word.
2- Password Expier.
3- User inter pass word on the first start up .
i think that's it ,but we had too inter a Complex.
when u create a user u can just let him choose his owen Password and from active directory right click on the OU or On USER then properties then u can choose complex Password or remove The Comples Password.

Collapse -

System logon

by jamesatmaisonverre In reply to Complex Passwords

I work with these password everyday,and the most common issue is that people forget to turn off there num lock and scroll lock while entering in the password which locks there profile after three entries.So the advice iwould pass on is that if they get an invalid password error on the first go,enter their password into the username field to see are the correct characters being inputed.The most common occurance is when they come back after lunch and try to log on to the desktop and forget about the key locks

Collapse -

What happens the moment you make the change...

by scott_heath In reply to Complex Passwords

I am assuming you are changing the default domain policy. It will take 15 or so minutes for the change to be replicated to all servers. At that point any user who changes their password will be required to use a complex password. Users with non-complex passwords will continue as normal until the next password change.

Collapse -

communication is key

by lowlands In reply to Complex Passwords

Make sure to tell your users before implementing this change what exactly a "complex password" looks like. if you don't do that, you'll end up with a lot of frustrated users and support calls.

Like another poster said, users can keep using their not-so-complex passwords without any problems until their password expires, and at that time they'll have to generate a new, complex password.

These are the rules you'll have to communicate:
? Is not based on the user?s account name.

? Contains at least six characters.

? Contains characters from three of the following four categories:

? Uppercase alphabet characters (A?Z)

? Lowercase alphabet characters (a?z)

? Arabic numerals (0?9)

? Nonalphanumeric characters (for example, !$#,%)

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums