Re: Default Domain Policy Question

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/21/05 

Date: Fri, 21 Jan 2005 12:34:50 -0700

You need to access the account properties of the service
accounts and set the checkbox for Password never expires.
There is only one set of Account policies in a domain, but
this per account setting exempts the account where set.
The setting is accessible by local or remote script by
getting a handle to the user account object. Setting this
type of thing is not what GPO is good at (I have not seen
a policy for this that could be used to set it on all accounts
in some svcacct subOU; and, it is a one-time setting so
use of GPO for reapplication is really overkill). 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
news:OdJumX%23$EHA.3820@TK2MSFTNGP11.phx.gbl...
> Hello All,
>
> I have a situation where the Default Domain Policy (DDP) is configured for
> passwords to expire in 90 days. I have an OU full of service accounts that
I
> dont want to be subject to that policy.
>
> How do I go about creating an exlusion from the DDP for this OU ? I am
told
> that I can oly set the password policy at the DDP level, so Im kinda in a
> lurch here.
>
> Thank you for any light you can shed on this.
>
> - NuTs
>
>
>

Relevant Pages

  • Re: Password expires for no apparent reason
    ... do not know if the policy was set and then cahnged to 'not defined'. ... the minimum password age is there to prevent users from blowing ... As Harj said Account lockouts could potentially be a problem as perhaps ... Password expires for no apparent reason ...
    (microsoft.public.windows.server.active_directory)
  • Re: GPO causing client security logs to fill?
    ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ...
    (microsoft.public.windows.server.sbs)
  • Re: The local policy of this system does not permit you to logon i
    ... Security policies were propagated with warning. ... Error 0x534 occurs when a user account in one or more Group Policy objects ... I have checked the security policies & the administrator profile is not ...
    (microsoft.public.windows.server.sbs)
  • Re: Password expires for no apparent reason
    ... Run net accounts on the client machine to see what the settings are set ... Were any settings within any policy set at the domain level have any ... As Harj said Account lockouts could potentially be a problem as perhaps ... Password expires for no apparent reason ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password expires for no apparent reason
    ... Run net accounts on the client machine to see what the settings are set ... Were any settings within any policy set at the domain level have any ... As Harj said Account lockouts could potentially be a problem as perhaps ... Password expires for no apparent reason ...
    (microsoft.public.windows.server.active_directory)