Re: Password Policy Question

From: Marin Marinov (mlmarinov_at_askme.ca)
Date: 07/08/04

Next message: Eric Graham: "Software Restriction multiple users"
Previous message: Sabo, Eric: "Re: Internet Explorer and deleting Temporary Internet Files from local machine"
In reply to: Jenna: "Re: Password Policy Question"
Next in thread: Darren Mar-Elia: "Re: Password Policy Question"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 8 Jul 2004 11:23:55 -0400

In article <OntSFEOZEHA.2544@TK2MSFTNGP10.phx.gbl>, "Jenna" <stilesj AT
nospam DOT com> says...
> Okay, searching around a little more on google I seem to have found that you
> can set a password policy for a domain, but override it for select users by
> selecting Password Never Expires on those specific accounts. Can anyone
> verify that? Does that apply for complexity of passwords, too, or just for
> changing them regularly, etc.?
<snip>
Hi Jenna,
You pretty much solved your problem yourself ;) Indeed password and
account policies are the same for all users in a domain and cannot be
overriden with the exception of password expiration, as you mentioned.
"Password never expires" will tell the DCs to disregard the age of the
password is a maximum password age is configured. This is commonly used
for service accounts the passwords of which you do (or can) not want to
change every month or so. So you can only modify this per user - minimum
password length, complexity, etc. will continue to be applicable for all
users and you cannot modify that.

HTH

-- 
Cheers,
   Marin Marinov
   MCT, MCSE 2003/2000/NT4.0,
   MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no 
rights.
"True knowledge exists in knowing that you know nothing."
Socrates

Next message: Eric Graham: "Software Restriction multiple users"
Previous message: Sabo, Eric: "Re: Internet Explorer and deleting Temporary Internet Files from local machine"
In reply to: Jenna: "Re: Password Policy Question"
Next in thread: Darren Mar-Elia: "Re: Password Policy Question"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Default Domain Policy - Password Chg 90 days
... There are certain accounts that have ... The default domain policy has maximum password age under computer ... user - it is NOT being done through local GPOs. ...
(microsoft.public.windows.server.active_directory)
Re: Changed services... now im in trouble!
... > Locate the Service in the list and modify it. ... >> Unable to log into other accounts ... >> access to the internet but the email program error message ... Can you change services option in the registry? ...
(microsoft.public.windowsxp.general)
Re: Changed services... now im in trouble!
... Locate the Service in the list and modify it. ... > Security Accounts Manager were altered... ...
(microsoft.public.windowsxp.general)
Re: Name reference invalid
... Thanks for your reply Ace. ... The script shouldn't have been anything overcomplex, I was using AD Modify ... PS As an update - It appears the only accounts affected were those I ...
(microsoft.public.windows.server.active_directory)
Re: Group Policy Order
... Alex is right--password complexity and other account policy for DOMAIN USER ... ACCOUNTS can only be set at a GPO linked to the domain level. ... >> password complexity is enabled in my domain GP.password ...
(microsoft.public.windows.group_policy)