Windows Active Directory – Implementing Password Policy and Its Effects

Tags: active-directory, password, windows, windows-server-2003

I want to implement a stronger password policy for our Windows 2003 domain.
My question is, what will happen to the currently existing passwords that do not match the new policy: will the users be blocked, prompted to change their passwords, or will they be able to log on as usual until Windows asks them to change their password next?

Thanks.

Best Answer

By default, users will be able to log on fine, and won't be forced to change their passwords straight away. When their password is next due for renewal then they will need to supply a password of the correct complexity at that time.

You can of course set the 'change password at next logon' flag on all accounts now if you want people to change their passwords as soon as possible. Depending on your situation this might be useful though obviously rather disruptive too; if you tell people about the new rules now but some of them don't have to change their passwords for another 60 days then they'll probably have forgotten about the new complexity rules by then.

If you want everyone to have a complex password then make sure that all passwords are set to expire so that they have to change them.
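The following is an added example, not part of the original answer: a Python sketch that sorts accounts by whether their current password predates the new policy, using the `userAccountControl` and `pwdLastSet` attributes of each user object. The account rows, the policy date and the 60-day maximum password age are constructed assumptions, and `classify` and `audit` are hypothetical helper names.

```python
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002       # userAccountControl bit: account disabled
UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit: password never expires
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def classify(row, policy_start, max_pwd_age):
    """Return (status, forced-change deadline or None) for one account row."""
    uac, pls = int(row["userAccountControl"]), int(row["pwdLastSet"])
    if uac & UF_ACCOUNTDISABLE:
        return "disabled", None
    if pls == 0:  # 'change password at next logon' is stored as pwdLastSet = 0
        return "must-change-at-next-logon", None
    set_at = filetime_to_dt(pls)
    if set_at >= policy_start:
        return "set-under-new-policy", None
    if uac & UF_DONT_EXPIRE_PASSWD:  # expiry never forces a change here
        return "old-password-never-expires", None
    return "old-password-until-expiry", set_at + max_pwd_age

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

POLICY_START = utc(2024, 3, 1)    # assumed date the new policy took effect
MAX_PWD_AGE = timedelta(days=60)  # assumed domain maximum password age

# Constructed rows, shaped like a directory export with values read as strings.
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": "512", "pwdLastSet": str(dt_to_filetime(utc(2024, 1, 15)))},
    {"sAMAccountName": "bob", "userAccountControl": "512", "pwdLastSet": str(dt_to_filetime(utc(2024, 3, 10)))},
    {"sAMAccountName": "svc_backup", "userAccountControl": "66048", "pwdLastSet": str(dt_to_filetime(utc(2022, 6, 1)))},
    {"sAMAccountName": "carol", "userAccountControl": "512", "pwdLastSet": "0"},
    {"sAMAccountName": "dave", "userAccountControl": "514", "pwdLastSet": str(dt_to_filetime(utc(2023, 11, 2)))},
]

def audit(rows=SAMPLE):
    return {r["sAMAccountName"]: classify(r, POLICY_START, MAX_PWD_AGE) for r in rows}

if __name__ == "__main__":
    for name, (status, deadline) in audit().items():
        print(f"{name:12} {status:28} {deadline.date() if deadline else '-'}")
```

Accounts reported as `old-password-never-expires` are the ones that keep a pre-policy password indefinitely unless the never-expires setting is cleared or a change is forced.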