Security Basics mailing list archives

Re: Changing the domain password policy

From: Mike Devlin <mdevlin () boston com>
Date: Fri, 02 Feb 2007 14:17:30 -0500

yes, you are right that if you change the password complexityrequirements/minimum length, all the accounts that don't meet the newrequirements are fine until their password expires or is forced torotate. I suppose that if you wanted to be extra safe, you could make apolicy just for the service accounts, and have a different set ofpassword requirements for these accounts, and have the default domainpolicy have the stronger password complexity settings.


                                          - Mike

Gary Collis wrote:

Hi All,
I wish to amend my windows domain policy to include passowrdcomplexity and minimum length. However I have a bunch of serviceaccounts, of which I do not know all. These passswords are set in ADto not expire. Am I right in thinking that the changes to the domainpassword policy will not effect the accounts that have this attributeset in AD, until these passwords are actually changed?
How do other people deal with service accounts and their adherence todomain password policys?
Thanks,

Current thread:

Changing the domain password policy Gary Collis (Feb 02)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)
  - RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Scott Ramsdell (Feb 02)
  - RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Depp, Dennis M. (Feb 02)
- Re: Changing the domain password policy Mike Devlin (Feb 02)
  - Re: Re: Changing the domain password policy David Grant (Feb 05)
  - Re: Changing the domain password policy Raoul Armfield (Feb 06)
- <Possible follow-ups>
- Re: Changing the domain password policy krymson (Feb 02)
- Re: Changing the domain password policy test (Feb 07)