Re: AD User Password Policies
- From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Aug 2005 11:23:14 -0500
No
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"schmeckendeugler" <schmeckendeugler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:A86D5BE8-2618-4437-9DC2-0E73CB1EDA64@xxxxxxxxxxxxxxxx
> Hmm.
>
> Will this override the "Password does not expire" checkbox under
> Right-click
> + Properties? I really don't wanna have to reset the passwords on my
> service
> accounts every 30 days!
>
> Pancake Smeckendeugler
>
> "Paul Bergson" wrote:
>
>> All domain accounts.
>>
>> The system doesn't know what the difference is between a user account and
>> a
>> service account.
>>
>> --
>>
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "schmeckendeugler" <schmeckendeugler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message news:0EF33570-82E6-45FD-AB6D-AF575990BD61@xxxxxxxxxxxxxxxx
>> > OK,
>> >
>> > so that must include all service accounts, administrator accounts,
>> > etc.??
>> >
>> >
>> >
>> > "Ulf B. Simon-Weidner [MVP]" wrote:
>> >
>> >> "schmeckendeugler" <schmeckendeugler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
>> >> in
>> >> message news:7630A718-C9DF-4952-8C02-F9742427261C@xxxxxxxxxxxxxxxx
>> >> > Greetings.
>> >> >
>> >> > I have questions RE applying Password Policies. I have an AD running
>> >> > on
>> >> > 2
>> >> > 2k+3 DC's. First:
>> >> >
>> >> > -I notice that a group policy to control user passwords is actually
>> >> > a
>> >> > machine policy. What would be the best OU to apply this to? I have
>> >> > separate
>> >> > OU's for users and machines.
>> >> >
>> >> > -I want users to reset passwords every 30 days, but the annoying
>> >> > pop-up
>> >> > comes TWO WEEKS before they are required to change their password.
>> >> > Is
>> >> > this
>> >> > time limit hackable?
>> >> >
>> >>
>> >>
>> >> Hello Schmeckendeugler,
>> >>
>> >> if you change the password policies at any other level than the domain
>> >> level
>> >> it applies only to the local accounts of the computers where the
>> >> policy
>> >> applies to.
>> >>
>> >> If you want password policies to apply to domain users you need to set
>> >> them
>> >> in a policy which applies to the domain object (or the Default Domain
>> >> Policy).
>> >>
>> >> The time limit is a policy as well, which applies to the computer
>> >> objects.
>> >> Look in Computer Configuration \ Windows Settings \ Security Settings
>> >> \
>> >> Local Policies \ Security Options for Interactive Logon: Prompt user
>> >> to
>> >> change password before expiration.
>> >>
>> >> --
>> >> Gruesse - Sincerely,
>> >>
>> >> Ulf B. Simon-Weidner
>> >>
>> >> MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
>> >> Weblog: http://msmvps.org/UlfBSimonWeidner
>> >> Website: http://www.windowsserverfaq.org
>> >>
>>
>>
>>
.
- References:
- AD User Password Policies
- From: schmeckendeugler
- Re: AD User Password Policies
- From: Ulf B. Simon-Weidner [MVP]
- Re: AD User Password Policies
- From: schmeckendeugler
- Re: AD User Password Policies
- From: Paul Bergson
- Re: AD User Password Policies
- From: schmeckendeugler
- AD User Password Policies
- Prev by Date: Domain Controller will not BOOT
- Next by Date: RE: ADMT Computer Migration Error
- Previous by thread: Re: AD User Password Policies
- Next by thread: Re: AD User Password Policies
- Index(es):
Relevant Pages
|
