Smith wrote:
A little while ago, my client updated their password rules to be a little
stricter. For example, one of the changes was the min length was changed
from 8 to 14. I have now been asked if I can provide a list of users that
have a password that does not meet the new requirements. I don't want/need
to know the password. I'm just looking for a yes or no flag to tell me if
it meets the requirements. Is there anything that would give me that info?
I think their eventual plan is to set passwords to expired if they don't
meet the rules and make them change them so they do meet them.
Unless you have a password validation program which has previously captured the passwords and stored them somewhere
(not recommended and probably illegal in many places - and IIRC CHGUSRPRF bypasses the password validation program),
then the only alternative is to set all user passwords to expired and force them to change their passwords, thus ensuring the new rules are enforced...
(Reminds of the time that my client Lone Star Steel (RIP) asked me to write a password validation program to prevent users from using profane words in their passwords, so I had to build a file containing a list of dirty words to use for the password validation program to use.)
Regards,
Steve Landess
(512) 289-0387
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
