Microsoft KB Archive/236373

= How maximum password age is implemented =

Article ID: 236373

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 3.51

-



This article was previously published under Q236373



SUMMARY
User Manager allows you to set a maximum password age. A common misconception is that the current age for each user's password is reset when this value is changed. Each individual user's password age is not stored or reset.



MORE INFORMATION
The Windows operating system does not actually store the age of the user's password, but rather the last time it was set.

To view when the password was last set, type the following at an MS-DOS command prompt:

net user administrator

Information similar to the following is then displayed: User name                   Administrator Password last set           4/7/99 4:11 PM (There is a variety of information displayed, but the Password last set value is the information of interest.)

For example, you have a domain that has been set up for one year and users do not change their passwords on a regular basis. If you were to set a maximum password age of 60 days, almost all users' passwords would expire and they would be required to change their password at next logon.

A better alternative in this example would be to set the maximum password age to 365 days and then slowly (over days or weeks) lower the maximum password age to 60. This would help to prevent the help desk from being inundated with calls.

Additional query words: expired logon failed

Keywords: kbinfo KB236373

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.