Force users to change passwords
Each user account includes several options that define security parameters for the account. One of these determines whether Windows 2000 ages the users’ passwords, eventually expiring the password and requiring the user to specify a new one. Using password expiration guards against a user keeping the same password for a long period of time, making it more susceptible to being stolen or discovered and thereby compromising the user’s account.
Configuring accounts for password expiration requires two steps. You first configure the user accounts for password expiration and then define the expiration period through the password policy.
Configure user accounts
The first step in enforcing password expiration is to configure each user account’s properties to enable expiration. You configure expiration for local accounts through the Local Users and Groups branch of the Computer Management console. You configure expiration for domain accounts through the Active Directory Users and Computers console. This section assumes you’re configuring the properties for local accounts. The steps are similar for domain accounts:
Open the Computer Management console and then the Local Users and Groups branch, or open the Local Users and Groups console.
Open the Users branch and double-click the user whose settings you want to change.
Deselect the option “Password never expires” and click OK.
Configure other accounts for expiration as desired and close the management console. ...
Get Windows 2000 Quick Fixes now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
