Re: Default Domain Policy - Password Chg 90 days
- From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Mon, 10 Sep 2007 21:13:50 +0200
write to Microsoft (quoted text) ! ;)
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:eXSgd298HHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
HiGenerally, it's not a good idea to set a password so it doesn't expire because this defeats the purpose of having passwords in the first place.
I don't agree with this....
There're situations when having nonexpiring passwords can save you from trouble, for example for use with service accounts.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Mathieu CHATEAU" <gollum123@xxxxxxx> wrote in message news:%23XmCxf98HHA.980@xxxxxxxxxxxxxxxxxxxxxxxHello,
this setting is for user, and this is the only place it works.
Maximum password age
http://technet2.microsoft.com/windowsserver/en/library/039e8d42-fe50-4738-abf3-c798e74a03f61033.mspx?mfr=true
You are speaking about password history, which is different from the age
Enforce password history
http://technet2.microsoft.com/windowsserver/en/library/8a3d5451-14bd-4f89-8f55-dc6261dbd4fc1033.mspx?mfr=true
the password never expires override GPO:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/08w2kadb.mspx
Password Never Expires If selected, the password for this account never expires. This setting overrides the domain account policy. Generally, it's not a good idea to set a password so it doesn't expire because this defeats the purpose of having passwords in the first place.
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"al" <al@xxxxxxxxxxx> wrote in message news:1189446416.273216.43600@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxW2k3 Native Mode Domain: From what I understand, the default domain
policy that contains the setting "Maximum password age" 90 days really
applies to computer objects and NOT user objects. Which allows for
backwards compatability. So where does the user get their password
history enforcement from? They are required to change their passwords
every XX days in our domain but now I am not too sure where they are
getting this from if the above setting is only applied to computer
objects and local accounts. I've heard that this is set in a domain
profile? The reason I am asking is that we have some accounts that we
set "password never expires" on and I want to know how this overrides
a domain GPO. There is not an OU GPO that allows for this exception -
there is no exception.
TIA
al
.
- References:
- Default Domain Policy - Password Chg 90 days
- From: al
- Re: Default Domain Policy - Password Chg 90 days
- From: Mathieu CHATEAU
- Re: Default Domain Policy - Password Chg 90 days
- From: Jorge Silva
- Default Domain Policy - Password Chg 90 days
- Prev by Date: Re: Question about GPO
- Next by Date: Re: Forest Trusts Problem
- Previous by thread: Re: Default Domain Policy - Password Chg 90 days
- Next by thread: Re: Default Domain Policy - Password Chg 90 days
- Index(es):
Relevant Pages
|
Loading
