RE: Max Password Age

2013-01-10 Thread Ken Schaefer 
Curious to know what you needed to do to come to the last conclusion? How many 
users do you have?

Cheers
Ken

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Thursday, 10 January 2013 3:39 AM
To: NT System Admin Issues
Subject: RE: Max Password Age

It's a pretty nice place to work.  Unfortunately, I don't go out into the field 
much at all, but it's a really good team that I work with.  We're getting ready 
to start Wave 1 of our massive upgrade from XP on the desktops, Novell for 
file/print and Groupwise for e-mail, moving to Win7 on desktops, Active 
Directory, and Exchange.  Oh, and replacing 400 Blackberries with iPhones.  
Then, when we're done with that, we get to migrate the mail to the cloud, due 
to the Governator making a law requiring it.  Even though we can run it much 
more efficiently and cost effective in-house.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, January 09, 2013 7:39 AM
To: Heaton, Joseph@Wildlife; NT System Admin Issues
Subject: Re: Max Password Age

I would have thought the latter
BTW that sounds like an interesting place to work!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Max Password Age

2013-01-10 Thread Mark Boeck 
O! my! i did the novell to active directory thing about 8 years ago. have
fun! :D
LOL at legislators making IT legislation!



On Wed, Jan 9, 2013 at 10:38 AM, Heaton, Joseph@Wildlife <
joseph.hea...@wildlife.ca.gov> wrote:

>  It’s a pretty nice place to work.  Unfortunately, I don’t go out into
> the field much at all, but it’s a really good team that I work with.  We’re
> getting ready to start Wave 1 of our massive upgrade from XP on the
> desktops, Novell for file/print and Groupwise for e-mail, moving to Win7 on
> desktops, Active Directory, and Exchange.  Oh, and replacing 400
> Blackberries with iPhones.  Then, when we’re done with that, we get to
> migrate the mail to the cloud, due to the Governator making a law requiring
> it.  Even though we can run it much more efficiently and cost effective
> in-house.
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Max Password Age

2013-01-10 Thread Steve Kradel 
Yep - the workaround to a flood of angry users who suddenly can't do
non-interactive logins would be to identify folks in the ~50-90 day
window ahead of time, and set their pwdLastSet to 0 and then to -1,
which has the effect of setting pwdLastSet to the current time.

--Steve

On Wed, Jan 9, 2013 at 10:50 AM, Miller Bonnie L.
 wrote:
> Everyone in the 60-89 day window will expire as soon as the policy takes
> effect.
>
>
>
> -Bonnie
>
>
>
> From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
> Sent: Wednesday, January 09, 2013 7:36 AM
>
>
> To: NT System Admin Issues
> Subject: Max Password Age
>
>
>
> If my policy currently is 90 days, and I then shorten that to 60 days, does
> the clock reset to 0, or will everyone that’s in the 60-89 day window going
> to have expired passwords?
>
>
>
>
>
> Thanks,
>
>
>
>
>
> Joe Heaton
>
> Enterprise Server Support
>
> CA Department of Fish and Wildlife
>
> 1807 13th Street, Suite 201
>
> Sacramento, CA  95811
>
> Desk:  (916) 557-3422
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Max Password Age

2013-01-09 Thread Heaton, Joseph@Wildlife 
It's a pretty nice place to work.  Unfortunately, I don't go out into the field 
much at all, but it's a really good team that I work with.  We're getting ready 
to start Wave 1 of our massive upgrade from XP on the desktops, Novell for 
file/print and Groupwise for e-mail, moving to Win7 on desktops, Active 
Directory, and Exchange.  Oh, and replacing 400 Blackberries with iPhones.  
Then, when we're done with that, we get to migrate the mail to the cloud, due 
to the Governator making a law requiring it.  Even though we can run it much 
more efficiently and cost effective in-house.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, January 09, 2013 7:39 AM
To: Heaton, Joseph@Wildlife; NT System Admin Issues
Subject: Re: Max Password Age

I would have thought the latter
BTW that sounds like an interesting place to work!

On 9 January 2013 15:35, Heaton, Joseph@Wildlife 
mailto:joseph.hea...@wildlifeca.gov>> wrote:
If my policy currently is 90 days, and I then shorten that to 60 days, does the 
clock reset to 0, or will everyone that's in the 60-89 day window going to have 
expired passwords?


Thanks,


Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Max Password Age

2013-01-09 Thread itli...@imcu.com 
Query for those accounts first.  Communicate with them to change their
password now.

Then make the GPO change.

Then see how many actually followed your direction.

 

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] 
Posted At: Wednesday, January 9, 2013 10:50 AM
Posted To: itli...@imcu.com
Conversation: Max Password Age
Subject: RE: Max Password Age

 

Everyone in the 60-89 day window will expire as soon as the policy takes
effect.

 

-Bonnie

 

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] 
Sent: Wednesday, January 09, 2013 7:36 AM
To: NT System Admin Issues
Subject: Max Password Age

 

If my policy currently is 90 days, and I then shorten that to 60 days,
does the clock reset to 0, or will everyone that's in the 60-89 day
window going to have expired passwords?

 

 

Thanks,

 

 

Joe Heaton

Enterprise Server Support

CA Department of Fish and Wildlife

1807 13th Street, Suite 201

Sacramento, CA  95811

Desk:  (916) 557-3422

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Max Password Age

2013-01-09 Thread John Cook 
IIRC it only kicks in after they have to change it. You can always force a 
change but if you do, do it in waves – nothing like flooding the help desk with 
password reset issues.

 John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, January 09, 2013 10:47 AM
To: NT System Admin Issues
Subject: Re: Max Password Age

Changing the Max password Age value in GPO does not reset the pwdLastSet value 
of the users.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image001.jpg@01CDEE58.9EFE6FA0]

The Guardian Life Insurance Company of America

www.guardianlife.com<http://www.guardianlife.com/>







From:"Heaton, Joseph@Wildlife" 
mailto:joseph.hea...@wildlife.ca.gov>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:01/09/2013 10:36 AM
Subject:Max Password Age




If my policy currently is 90 days, and I then shorten that to 60 days, does the 
clock reset to 0, or will everyone that’s in the 60-89 day window going to have 
expired passwords?


Thanks,


Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Max Password Age

2013-01-09 Thread Miller Bonnie L . 
Everyone in the 60-89 day window will expire as soon as the policy takes effect.

-Bonnie

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Wednesday, January 09, 2013 7:36 AM
To: NT System Admin Issues
Subject: Max Password Age

If my policy currently is 90 days, and I then shorten that to 60 days, does the 
clock reset to 0, or will everyone that's in the 60-89 day window going to have 
expired passwords?


Thanks,


Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Max Password Age

2013-01-09 Thread Christopher Bodnar 
Changing the Max password Age value in GPO does not reset the pwdLastSet 
value of the users. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Heaton, Joseph@Wildlife" 
To: "NT System Admin Issues" 
Date:   01/09/2013 10:36 AM
Subject:Max Password Age



If my policy currently is 90 days, and I then shorten that to 60 days, 
does the clock reset to 0, or will everyone that’s in the 60-89 day window 
going to have expired passwords?
 
 
Thanks,
 
 
Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Max Password Age

2013-01-09 Thread Randal, Phil 
As far as I know, they'll all end up with expired passwords.

Easiest workaround is to reduce the max password age by one day every day for 
the next 30 days.

Cheers,

Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: 
phil.ran...@hoopleltd.co.uk

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: 09 January 2013 15:36
To: NT System Admin Issues
Subject: Max Password Age

If my policy currently is 90 days, and I then shorten that to 60 days, does the 
clock reset to 0, or will everyone that's in the 60-89 day window going to have 
expired passwords?


Thanks,


Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

"Any opinion expressed in this e-mail or any attached files are those of the 
individual and not necessarily those of Hoople Ltd. You should be aware that 
Hoople Ltd. monitors its email service. This e-mail and any attached files are 
confidential and intended solely for the use of the addressee. This 
communication may contain material protected by law from being passed on. If 
you are not the intended recipient and have received this e-mail in error, you 
are advised that any use, dissemination, forwarding, printing or copying of 
this e-mail is strictly prohibited. If you have received this e-mail in error 
please contact the sender immediately and destroy all copies of it.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Max Password Age

2013-01-09 Thread Richard Stovall 
Just reset it to 1 and see what happens.

:)


On Wed, Jan 9, 2013 at 10:35 AM, Heaton, Joseph@Wildlife <
joseph.hea...@wildlife.ca.gov> wrote:

>  If my policy currently is 90 days, and I then shorten that to 60 days,
> does the clock reset to 0, or will everyone that’s in the 60-89 day window
> going to have expired passwords?
>
> ** **
>
> ** **
>
> Thanks,
>
> ** **
>
> ** **
>
> Joe Heaton
>
> Enterprise Server Support
>
> CA Department of Fish and Wildlife
>
> 1807 13th Street, Suite 201
>
> Sacramento, CA  95811
>
> Desk:  (916) 557-3422
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Max Password Age

2013-01-09 Thread James Rankin 
I would have thought the latter

BTW that sounds like an interesting place to work!


On 9 January 2013 15:35, Heaton, Joseph@Wildlife <
joseph.hea...@wildlife.ca.gov> wrote:

>  If my policy currently is 90 days, and I then shorten that to 60 days,
> does the clock reset to 0, or will everyone that’s in the 60-89 day window
> going to have expired passwords?
>
> ** **
>
> ** **
>
> Thanks,
>
> ** **
>
> ** **
>
> Joe Heaton
>
> Enterprise Server Support
>
> CA Department of Fish and Wildlife
>
> 1807 13th Street, Suite 201
>
> Sacramento, CA  95811
>
> Desk:  (916) 557-3422
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
*James Rankin*
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin