Account Policy on New User Not Enforced
ID: q110291
|
The information in this article applies to:
-
Microsoft Windows NT operating system version 3.1
-
Microsoft Windows NT Advanced Server version 3.1
SYMPTOMS
Windows NT and Windows NT Advanced Server do not enforce account policy of
minimum password length restriction to new users created from the User
Manager. The behavior is different in Windows NT and Windows NT Advanced
Server as follows:
If the account policy is made so that the minimum password length must be
at least five characters:
- On a Windows NT Advanced Server machine:
- If a new user is created from the User Manager for domains with just
the option of "User Must Change Password at Next Logon," any password
of fewer than five characters is accepted. The user can logon with
this invalid password and the subsequent password follows the account
policy and prompts if the password length is less than five
characters.
- If the new user is created with the remaining options of Password
Never Expires or Password Cannot Be Changed, the account policy is
enforced by prompting for a password of at least five characters.
- On a Windows NT machine, a user can be created from User Manager with
any of the following options and it accepts a password with fewer
characters than the minimum password length, thereby not following the
account policy:
- "User Must Change Password at Next Logon"
- Password Never Expires
- Password Cannot Be Changed
STATUS
Microsoft has confirmed this to be a problem in Windows NT and Windows NT
Advanced Server version 3.1. We are researching this problem and will post
new information here in the Microsoft Knowledge Base as it becomes
available.
Additional query words:
prodnt
Keywords : kbnetwork
Version : 3.1
Platform : WINDOWS
Issue type :