Spadasoe Dec 29, 2010   2:18 PM GMT

Use powershell to query users password info and force resets. I use Quest PowerGui and can get password settings for all users, select users by password age, and force a reset.

5,130 pointsBadges:

Stevesz Dec 29, 2010   4:03 PM GMT

You can set this through group policy to a certain extent. Take a look at the options offered to you and determine if it will meet your needs.One nifty little trick would be to give the passwords a certain length of time before they expire and need to be reset. I believe the default is 42 days. If you can wait this long, leave it be, and, eventually, all the passwords will be in compliance (about 6 weeks). Once this has occurred, you can extend the period between password changes or be ready for a lot of grumbling around the 6 week period, though everyone will slowly fall out of sync with each other. The reason for this is that people will get a period of time to change the password and start getting warnings about a week prior to the time needed before the change. Some people will do this right away, other will wait until they absolutely need to change the password, and still others will do it sometime in between. Another setting is the number of passwords to remember. The default is 24, so the user must use 24 different passwords before they can reuse password the first. This will prevent users from using My_Dogs_Name1, changing it to My_Dogs_Name!, then on the next change going back to My_Dogs_Name1.

2,015 pointsBadges:

Darkstar911 Dec 29, 2010   11:14 PM GMT

Get MBSA from microsoft. It will give you a report of accounts with weak passwords.

790 pointsBadges:

Kevin Beaver Sep 25, 2013   3:32 PM GMT

Elcomsoft (www.elcomsoft.com) has some of the best tools for this type of analysis. Check them out.

27,520 pointsBadges: