[gptalk] Re: Password Policy

  • From: "Cruz, Jerome L" <jerome.l.cruz@xxxxxxxxxx>
  • To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 17 Apr 2008 14:25:48 -0700

From a Domain perspective, password policy settings essentially apply the new 
settings when the passwords are "changed". For example, say you have a "Maximum 
password age" set to 90 days (3 months). You then enable the "Password must 
meet complexity requirements" setting. At that point all users "changing" 
passwords will have to use complex password as the passwords are cycled for 
each user over the next 3 months. It'll take three months to apply. Also, your 
user account (usually service accounts) which may never expire will never be 
switched to using a complex password.

We have over 150,000+ users and made a similar switch recently. No issues. All 
End User accounts are now switched and did so a bit at a time daily as they 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Dave Palombi
Sent: Thursday, April 17, 2008 1:26 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Password Policy

What would happen if I changed the policy?  Would users be asked to change 
their passwords right away?

On Thu, Apr 17, 2008 at 3:18 PM, Dave Palombi 
<dave.palombi@xxxxxxxxx<mailto:dave.palombi@xxxxxxxxx>> wrote:

Thanks for the info.  We are trying to migrate certain sections with different 
password policy's until everyone has been done then one big policy at the end.  
How would I be able to achive this.


On Thu, Apr 17, 2008 at 3:14 PM, Darren Mar-Elia 
<darren@xxxxxxxxxx<mailto:darren@xxxxxxxxxx>> wrote:


Are you trying to apply password policy to a domain user or a local user 
account on a workstation or member server? Password policy, as you've noticed, 
does not apply to users. IT applies only to computers where the accounts 
reside. In the case of domain user accounts (i.e. held in AD), you can only set 
one password policy for a given domain and that must be in a GPO linked at the 
domain level. For local user accounts-those housed on member servers and 
workstations, you have to make sure that the GPO is linked to those containers 
where those computers reside, not the users.


From: gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx> 
[mailto:gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Dave Palombi
Sent: Thursday, April 17, 2008 12:08 PM
To: gptalk@xxxxxxxxxxxxx<mailto:gptalk@xxxxxxxxxxxxx>
Subject: [gptalk] Password Policy


I have a question about implementing a password policy.  I am trying to 
implement a password policy and it works but it is not being applied to the 
user.  All settings are with in the computer settings.  When I do a gpresult, 
the policy shows under not applied section and this it says filtering: not 
applied (empty)

Your thoughts.


Other related posts: