Password Policy Question
Ally77
Member Posts: 212
Can anyone explain the following question for me:
Scenario:
1. Password must be changed every 45 days
2. Users can change p/w immediately after they change their password once
3. Cant use the same p/w until at least 10 different p/w's are used
Answer:
min password age: 0
max password age: 45
Enforce password history: 10
I understand why the values 45 and 10 are needed where they are but dont understand how the value 0 satisfies the criteria for part 2 of the question
Any help appreciated
Thanks
Scenario:
1. Password must be changed every 45 days
2. Users can change p/w immediately after they change their password once
3. Cant use the same p/w until at least 10 different p/w's are used
Answer:
min password age: 0
max password age: 45
Enforce password history: 10
I understand why the values 45 and 10 are needed where they are but dont understand how the value 0 satisfies the criteria for part 2 of the question
Any help appreciated
Thanks
Comments
-
woodworm
Member Posts: 153
Min Password Age stops someone from resetting their password 10 times (one after another) to get back to their current password.
So if min password age is = 1 - then they have to wait 1 day before they can reset it again, by having it set to 0 then they can reset their password as many times as they like in a day. -
Ten9t6
Member Posts: 691
Ally77 wrote:Can anyone explain the following question for me:
Scenario:
1. Password must be changed every 45 days
2. Users can change p/w immediately after they change their password once
3. Cant use the same p/w until at least 10 different p/w's are used
Answer:
min password age: 0
max password age: 45
Enforce password history: 10
I understand why the values 45 and 10 are needed where they are but dont understand how the value 0 satisfies the criteria for part 2 of the question
Any help appreciated
Thanks
2. Users can change p/w immediately after they change their password once
Minimum password age determines how many days a new password must be kept before the user can change it. This setting is designed to work with the Enforce password history setting so that users cannot quickly reset their passwords the required number of times, and then change back to their old passwords. The value of this setting can be between 0 and 999; if it is set to 0, users can immediately change new passwords. It is recommended that you set this value to 2 days.
This was taken from:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
hope this helps..
KennyKenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
Ally77
Member Posts: 212
Thanks a lot, realised i have completely misread the question. After reading the replies n reading the questiona few more times i understand now
Thanks