Re: Administrators BLaaaaHHHH

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
Date: Thu, 9 Jun 2005 23:02:01 -0500

"I know of know way for that to be done" should be I know of no way for that
to be done. Back to English class for me. --- Steve

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:eqUQwAXbFHA.2984@xxxxxxxxxxxxxxxxxxxxxxx
>I know of know way for that to be done. You can however enable auditing of
>account management in Domain Controller Security policy to find out who is
>doing such and to what accounts and then take appropriate action whatever
>that may be. You might also want to develop or modify your security policy
>to prohibit such changes or set specific guidelines such as chain of
>command or what level of administrators can do such. Beyond that if you
>have a Windows XP Pro computer in the domain that you could use as an admin
>workstation you can install adminak for Windows 2003 on it [free download
>from Microsoft] and use the Active Directory command line tools dsquery,
>dsget, and dsmod to find and change those accounts that have been
>configured with password never expires. --- Steve
>
> http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
> http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3558c421-ba3d-4b8f-a107-b9058cc0f286.mspx
>
> "James Robetson" <jrobertson@xxxxxxxxxxxxxxxxxxx> wrote in message
> news:esh4OJUbFHA.796@xxxxxxxxxxxxxxxxxxxxxxx
>> Ok in my organization I have some admins that like to give some users the
>> right to not have to change their passwords from time to time. I want
>> this option to be gone from ADU&C Account Properties Tab "Password Never
>> Expires". Can this be done?
>>
>> James
>>
>
>

.

References:
- Administrators BLaaaaHHHH
  - From: James Robetson
- Re: Administrators BLaaaaHHHH
  - From: Steven L Umbach

Prev by Date: Re: Administrators BLaaaaHHHH
Next by Date: applying computer settings... very slow
Previous by thread: Re: Administrators BLaaaaHHHH
Next by thread: Group Policy Setup
Index(es):
- Date
- Thread

Relevant Pages

Re: Cannot access security settings in Win 2003
... Cannot get into Domain Controller Security Policy, ... > at least read/write permissions. ... >> with an account that has admin, domain admin, enterprise admin, group ...
(microsoft.public.windows.server.networking)
RE: local admin account password
... Subject: local admin account password ... > 4) Only use domain accounts so delete the local ones. ... > The DB file would be encrypted with EFS so only the limited user SQL ... > backup user can make a zip backup of the DB whenever it gets changed ...
(Focus-Microsoft)
RE: local admin account password
... Say you have more then 1000 systems, how do you handle the local admin ... Only use domain accounts so delete the local ones. ... The DB file would be encrypted with EFS so only the limited user SQL ... There would be basically two stored procs, ...
(Focus-Microsoft)
local admin account password
... Only use domain accounts so delete the local ones. ... 5)My main idea/plan is to store all the passwords on a central SQL server. ... This way you can easily have a different random passwords for the admin ... There would be basically two stored procs, ...
(Focus-Microsoft)
Re: Admin vs limited user account
... properly with limited user account (it does work fine with admin users). ... Quite simply, the application doesn't "know" how to handle individual user profiles with differing security permissions levels, or the application is designed to make to make changes to "off-limits" sections of the Windows registry or protected Windows system folders. ... "If your game or application works with admin accounts, but not with limited accounts, you can fix it to allow limited users to access the program files ...
(microsoft.public.windowsxp.security_admin)