Cisco ASA 5505 User Manual

67-30

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Figure 67-2

Active Directory—User Must Change Password at Next Logon

The next time this user logs on, the ASA displays the following prompt: “New password required.
Password change required. You must enter a new password with a minimum length n to continue.” You
can set the minimum required password length, n, as part of the Active Directory configuration at Start >
Programs > Administrative Tools > Domain Security Policy > Windows Settings > Security Settings >
Account Policies > Password Policy. Select Minimum password length.

Using Active Directory to Specify Maximum Password Age

To enhance security, you can specify that passwords expire after a certain number of days. To specify a
maximum password age for a user password, specify the password-management command in
tunnel-group general-attributes configuration mode on the ASA and do the following steps under Active
Directory:

Step 1

Select Start > Programs > Administrative Tools > Domain Security Policy > Windows Settings >
Security Settings > Account Policies > Password Policy.

Step 2

Double-click Maximum password age. This opens the Security Policy Setting dialog box.

Step 3

Check the Define this policy setting check box and specify the maximum password age, in days, that you
want to allow.