Forcing Windows users to choose random passwords

975 pts.
Tags:
Active Directory
Active Directory 2003
Active Directory security
Password management
Password policies
Windows administration
Can we force Windows to choose random passwords for accounts created in 2003 Active Directory? Can we force the user to then change their password on login?

Answer Wiki

Thanks. We'll let you know when a new response is added.

In Active Directory Users and Computers expand the local domain, if you open your company users OU, depending on were you created your users.
Right click on the user’s account and select properties to open the users properties dialog box
On the Account’s tab under Account options field
You can select the check box “User must change password at next log on”
select apply and OK

Note that this option is not permanent, as the option is disabled once the user has successfully changed the password and logged on

It is also worth noting that if you want your users to have a ‘random’ password that any domain password settings are done through the default domain policy in Group Policy Management. Any change made here will affect ALL users. It is possible in 2008 to set up multiple password policies but its a bit of a nightmare working out how many milliseconds from the year 1600 it’s been. No i’m no kidding.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Denny Cherry
    Also keep in mind that if you force users to use truly random passwords your help desk is going to get a lot of calls about password problems, and people are going to have their passwords written down on their desks, making the passwords totally useless. If you want something secure that remains useful, look into using RSA tokens for authentication. Half the password the user knows, and the other half they read from the token and it changes every minute. (Some of the root keys for RSA were compromised recently, so make sure that you get a device with the new keys.)
    66,360 pointsBadges:
    report
  • TeachMeIT
    [...] 10. ErroneousGiant, Guardian, and Mrdenny gave pointers and suggestions for alternative options to a member wanting to force Windows users to choose random passwords. [...]
    0 pointsBadges:
    report
  • TeachMeIT
    Great point, thanks mrdenny.
    975 pointsBadges:
    report
  • TeachMeIT
    [...] ErroneousGiant isn’t so erroneous with his approved answer for forcing Windows users to choose random passwords. Mrdenny makes a cameo with a helpful tip as [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following