Do the Group Policy Object and 'Password Never Expires' flag interact?

BROWSE BY TAG Identity Management and Access Control,   Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   Active Directory and LDAP Security,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Management and Access Control Is Identity Management as a Service (IDaaS) a good idea? How to log in to multiple servers with federated single sign-on (SSO) How to confirm the receipt of an email with security protocols Learn about enterprise strategy for server virtualization single sign-on Employee information security awareness training for new IAM systems Can you combine RFID tag technology with GPS to track stolen goods? Is there a free enterprise-caliber password-management tool? Cryptosystem attacks that do not involve obtaining the decryption key Can any firm or organization get a digital signature certificate? Should the CTO have domain administrator access? Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults Active Directory and LDAP Security How to edit group policy objects to give a user local admin rights Using IAM tools to improve compliance Ease the compliance burden with automation Changing times for identity management Product Review: Symark PowerADvantage 1.5 Directory services and beyond: The future of LDAP What are the benefits of identity managed as a service? Enterprise role management: Trends and best practices Identity Management Suites Enable Integration, Interoperability What should an internal support model for identity management look like? Active Directory and LDAP Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary graphical password  (SearchSecurity.com) identity chaos  (SearchSecurity.com) logon  (SearchSecurity.com) masquerade  (SearchSecurity.com) OpenID  (WhatIs.com) salt  (SearchSecurity.com) session replay  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) TACACS  (SearchSecurity.com) war dialer  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

The Group Policy Object in Active Directory affects existing accounts only when users try to change or update their passwords earlier than the maximum password age of 180 days. Otherwise, they'll be asked to reset their passwords in 180 days, not at the next login.

The clock starts ticking whenever the maximum age is set in the Group Policy Object. However, if individual accounts are set in an organization -- whether to never expire or some other setting -- the Group Policy Object setting in Active Directory will take precedence for all registered accounts. The only exception is systems older than Windows 2000, which don't support Active Directory password management.

Policies can be set for individual workstations or the entire domain, but should be set at the domain level to keep security consistent throughout the network. Active Directory manages password age through the Group Policy Objects editor of its administrative GUI. It can also manage password history, length and complexity.

Password policies, including password age, should be based on a thorough risk assessment of corporate systems and applications. Those with high-risk data, such as customer data or proprietary company information, should have tighter access control policies, meaning more frequent password expirations.

Make sure to have a consistent policy across the organization for password age and expiration, and put it in writing in accordance with corporate IT security standards.

More information:

• Should users set up password expiries in Active Directory? Learn more.
• Read about the pros and cons of using stand-alone authentication that is not Active Directory-based.