1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Policies

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by zimbo, Mar 30, 2006.

  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    I just seen something here that i cant quite relate to the real world and hoping someone can help out..

    Im talking about password policies in GPO

    Enforce Password History - lets say this has a value of 6, that means the password the user has now cant be entered again until they enter 6 new passwords over a certain timeframe right?

    Max Password Age - Lets say we have 25 here... so every 25 days the users must change their password.

    now this is the one i cant make sense of:

    Min Password Age - users must wait a certain number of days to change the password again? could some relate this to the real world please? :blink

    how does the max and min password age related or can you have either the one or the other?
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    say you have a password history of 6, then people could just change their password (ctrl-alt-del) 6 times in a row, and get their old password back. to prevent that, there is the minimum password age. maximum password age speaks for itself.
     
  3. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    i forgot about the ctrl-alt-del... so you can have max and min or you MUST have a max and min - best practice?
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  4. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    depends on the complexity of your network, and how savvy your users are. i usually go for a tight policy just to be on the safe side. the impact of password policies on the users is usually minimal, because most settings don't affect them anyway. maximum password age and strong password requirement are the ones they usually have to deal with.
     
  5. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    thanks! you cleared it up! back to the books! 8)
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    There always seems to be one user in every company Ive worked at who knows this trick! :biggrin

    I just disable their account! :tune
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...