On Wed, Aug 26, 2009 at 12:47 AM, Kevin <[email protected]> wrote: > Say you have an expiry of 60 days, and the previous 6 blocked > through AD, so thats 360 months before the "first" > password can be used again, right? Nah, change your password > 7 times through a windows client and they are back to using their > first password in 5 minutes.
FWIW, that much can be countered using the "Minimum password age" policy. Even setting it to 1 day (the smallest possible) will usually do the trick. -- Ben
