# Minimum Password Age



## cryingvalor (Nov 4, 2006)

- hey guys im trying to configure the password policy....i have read some documents but i cant still understand how the minimum password age works.


----------



## crazijoe (Oct 19, 2004)

Minimum password age is how long before it informs the user to change his/her password. (Days before the user is forced to change his/her password) When a user logs on, it will prompt them that their password will expire in X amount of days and ask if they want to change their password.

Maximum password age is when it will force the user to change his/her password.


----------



## cryingvalor (Nov 4, 2006)

- ahh ok :grin: 
- but whats the difference of the Minimum Password Age/Maximum Password Age with these settings in the Security Options:



> Domain member: Maximum machine account password age
> 
> Interactive logon: Prompt user to change password before expiration


----------



## crazijoe (Oct 19, 2004)

> Interactive logon: Prompt user to change password before expiration


Where are you seeing this at? . I don't have this setting in my GPO.


----------



## cryingvalor (Nov 4, 2006)

- well i saw it in the GPO - computer settings - windows settings - security settings - local policies - security option.


----------



## crazijoe (Oct 19, 2004)

Really not sure. It would seem to me as if this is a setting for the local machine. If you let some one log on interactively onto another machine or perhaps remote into another machine. I don't have them settings defined on our domain.


----------



## cryingvalor (Nov 4, 2006)

- i have created a sample OU with a GPO configured withe windows 2003 security guide security settings. how would i test if the settings are good and working?


----------



## crazijoe (Oct 19, 2004)

Normally you would run a gpresult on a workstation where a user, that is a member of that OU, is logged in at. This will tell you what GPOs are applied and which ones are filtered out.


----------



## cryingvalor (Nov 4, 2006)

- ok thank youray:


----------



## Chevy (Jul 25, 2003)

crazijoe said:


> Minimum password age is how long before it informs the user to change his/her password. (Days before the user is forced to change his/her password) When a user logs on, it will prompt them that their password will expire in X amount of days and ask if they want to change their password.
> 
> Maximum password age is when it will force the user to change his/her password.


I thought Min Password age was just that ... the minimum amount of time before the system will allow a password change. (Used mainly to slow down those users who think they need to change every week ... then promptly forget the password ... :grin


----------



## sahmeepee999 (Jan 24, 2008)

Chevy said:


> (Used mainly to slow down those users who think they need to change every week ... then promptly forget the password ... :grin


You have the what, but not the why! You can enforce a minimum password age so that users who also have a password history configured can't just change their password a load of times (more than the number of passwords stored in the history that is) and then go back to the one they were using.


----------

