user accounts password expiration dates changed

By roslevichm ·
I'm a tech at a K-12 school district (just throwing that out there as background). We just (within the hour) had a bunch of people call in saying that they couldn't log into their domain computers, and that it was saying that their passwords were expired. When I checked their accounts using "net user blah blah" they all had expiration dates that were 42 days after password set. That was strange, since we have it set that all users passwords expire after 1 year. What made it more strange was that I checked my own account and mine was set to 42 days!

Does anyone out there know of anything that could change all domain users password expiration dates? Event Viewer isn't showing anything helpful, so I thought I would post something quick and see if anyone has had similar things happen or if something could do that without admin rights.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

42 days is the default maximum password age setting

by robo_dev In reply to user accounts password ex ...

You are correct that this is very strange.

My first concern would be that somebody has discovered your admin credentials.

The first thing I would do is look at your policy settings to see if the policy shown in the group policy editor has changed.

To me, an unexplained group-policy change sounds like a security incident. I would look real closely at that server to see if other policy changes happened at the same time.

Windows Intruder Detection Checklist

...changes to policy are #14 on the checklist

Collapse -

Since you're back to default password expiration

by TobiF In reply to 42 days is the default ma ...

Could the corresponding policy file have gone corrupt on the server?

Collapse -

Sure - someone with Admin rights.

by seanferd In reply to user accounts password ex ...

If your pwd doesn't expire for a year, I'll bet that someone has found it or figured it out. See if you can find evidence of your logon at a time when you weren't logged in as the domain admin.

Has this been changed in GP?

One reason that this is my guess: The significance of the number 42.

Someone else may have a different idea.

Collapse -

Actually 42 is the default value in Win 2K3

by robo_dev In reply to Sure - someone with Admin ...

some programmer at Microsoft was a Douglas Adams fan, obviously.

Related Discussions

Related Forums