Monday, 22 August 2011

SBS 2008 and 2011 Active Directory Password Complexity

To manage the password setup in SBS 2008 and SBS 2011 Active Directory we use the SBS Console:

  1. Open the SBS Console.
  2. Click on the Users and Groups tab.
  3. If not already selected, click on the Users tab.
  4. Under Tasks click on Change password policies.
    • image
  5. Set the password policy settings accordingly.
    • image
  6. Click Apply and OK.
    1. NOTE: All users will be required to change their passwords on their next log on if any changes are made to these settings!

This wizard is normally used during the set up process only.

If this wizard is used somewhere in the middle of an SBS Migration or SBS Swing Migration the consequences may be dire. It is best left as the final step _after_ at least one week of the post-migrated server being in production.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

3 comments:

Chris Knight said...

10 characters is too few characters. You can wind up the minimum password length and turn off the complexity.

Short reason why here:
http://xkcd.com/936/

Long reason why here:
http://en.wikipedia.org/wiki/Password_strength

Anonymous said...

> Click Apply and OK.

Have you never used Windows before? You don't need to do that, you can just click OK.

Why do some people insist Apply then OK must be clicked? What do you think Apply does? I'll tell you - exactly the same as OK, but without closing the dialogue window.

Did you know that Apply and OK is the same as Apply and Cancel? As is just hitting OK. Yes, a confusing arrangement, but not if you understand what Apply does - how does a professional, who uses dialogues like this all the time, not manage to figure it out? What else have you not managed to figure out?

I'll be honest though, I think the Apply button appeared with Windows 95, and if you were used to Win3 paradigms (and other GUIs) then what Apply does over OK and Cancel will catch your eye. It boils down to experience, perhaps.

Philip Elder SBS MVP said...

Anonymous,

Experience indeed.

For those of us that have been around for a while, the habit of clicking APPLY prior to OK was indeed born of experience.

When one clicked OK there was no guarantee that what we just did happened. By clicking APPLY we have the opportunity to see any message windows that otherwise would not pop up.

We have good reason. So, instead of scolding us old dogs and giving us the lecture maybe it would be more prudent to ask why we do this. :)

Philip