Configuring Tunnel Groups
Figure 30-2 Active Directory—User Must Change Password at Next Logon
The next time this user logs on, the security appliance displays the following prompt: "New password
required. Password change required. You must enter a new password with a minimum length n to
continue." You can set the minimum required password length, n, as part of the Active Directory
configuration at Start > Programs > Administrative Tools > Domain Security Policy > Windows
Settings > Security Settings > Account Policies > Password Policy. Select Minimum password length.
Using Active Directory to Specify Maximum Password Age
To enhance security, you can specify that passwords expire after a certain number of days. To specify a
maximum password age for a user password, enter the password-management command in
tunnel-group general-attributes configuration mode on the security appliance and perform the following
steps in Active Directory:
Step 1  Select Start > Programs > Administrative Tools > Domain Security Policy > Windows Settings >
        Security Settings > Account Policies > Password Policy.
Step 2  Double-click Maximum password age. This opens the Security Policy Setting dialog box.
Step 3  Check the Define this policy setting check box and specify the maximum password age, in days, that you
        want to allow.
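How these two Active Directory settings are represented in the directory, as an added example that is not part of Cisco's guide: the Maximum password age policy is stored on the domain object as maxPwdAge, and a user whose pwdLastSet is 0 is in the "must change password at next logon" state. The attribute names and the userAccountControl flag are standard Active Directory; the function names, the 42-day policy and the sample accounts are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Active Directory stores times as 100-ns ticks since 1601-01-01 UTC (FILETIME).
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires
NO_MAX_AGE = (0, -(2 ** 63))      # maxPwdAge values meaning "no maximum password age"

def to_filetime(dt):
    """Convert an aware datetime to FILETIME ticks (used to build the sample data)."""
    return int((dt - EPOCH_1601).total_seconds()) * TICKS_PER_SECOND

def password_state(pwd_last_set, max_pwd_age, uac, now):
    """Classify one account from its raw directory attributes.

    pwd_last_set: user's pwdLastSet (FILETIME ticks; 0 = must change at next logon)
    max_pwd_age:  domain's maxPwdAge (negative tick count set by Maximum password age)
    uac:          user's userAccountControl flags
    Returns (state, days_left); days_left is None unless an expiry date exists.
    """
    if uac & UF_DONT_EXPIRE_PASSWD:       # per-user flag overrides the domain policy
        return ("never_expires", None)
    if pwd_last_set == 0:                 # "User must change password at next logon"
        return ("must_change_at_next_logon", None)
    if max_pwd_age in NO_MAX_AGE:         # policy not defined or set to never expire
        return ("never_expires", None)
    set_at = EPOCH_1601 + timedelta(seconds=pwd_last_set // TICKS_PER_SECOND)
    expires = set_at + timedelta(seconds=-max_pwd_age // TICKS_PER_SECOND)
    days_left = (expires - now).days      # negative once the password has expired
    return ("expired" if expires <= now else "valid", days_left)

# Constructed sample data: a 42-day Maximum password age and four accounts.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_AGE_42D = -42 * 86400 * TICKS_PER_SECOND
SAMPLE_USERS = {
    "alice": (to_filetime(NOW - timedelta(days=30)), 0x200),
    "bob": (to_filetime(NOW - timedelta(days=50)), 0x200),
    "carol": (0, 0x200),
    "svc-backup": (to_filetime(NOW - timedelta(days=400)), 0x10200),
}

def report(users=SAMPLE_USERS, max_pwd_age=MAX_AGE_42D, now=NOW):
    """Return {name: (state, days_left)} for every account in users."""
    return {name: password_state(pls, max_pwd_age, uac, now)
            for name, (pls, uac) in users.items()}

if __name__ == "__main__":
    for name, (state, days) in report().items():
        print(f"{name:12} {state:26} {'' if days is None else days}")
```

Accounts reported as never_expires are outside the Maximum password age policy, so they are the ones to review when the goal is forced password rotation.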
Cisco Security Appliance Command Line Configuration Guide
Active Directory—User Must Change Password at Next Logon
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01