Hmm we did that ~ 2 yrs ago. We used to assign passwords but *finally* sold it to upper mgt to do it via Active Dir and the built in complexity policy (2003 native mode). It went pretty well, nobody lost access, they had to change their passwords at next logon. We announced it well before hand (many times). Still had much wailing and gnashing of teeth but it's been worth it! We even went through the expiry of passwords and peeps were able to change them (mostly no hand holding). We added the accountinfo.dll or whatever it is called to see when passwords were set on the DC's for each acct.
On Tue, Jun 15, 2010 at 2:11 PM, Ben Scott <mailvor...@gmail.com> wrote: > Hello, list, > > After years of lobbying on my part, I have finally gotten top > management at %WORK% to approve a company password policy, complete > with enforcement via Active Directory/Group Policy. (And there was > much rejoicing!) > > I know we have people who have never changed their password since > they were hired in 2001. When we suddenly go from "No password > expiration" to "X days", at their next logon, they'll be prompted to > change their password. However, until they logoff/logon, the system > won't prompt them. My question is: Will they have trouble accessing > resources until they change their password? I've never tried to use a > Windows domain with an 8-year-expired password before. > > Win 2000 AD server, Win XP Pro SP3 clients. > > (Yes I know Win2K has five weeks until EOL. I'm working on it. > Budget priorities, bad economy, yadda yadda.) > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
