Re: Which overrides? AD or Domain Security Policy?
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Thu, 25 Oct 2007 00:15:15 +0100
Brad,
The point is you don't/can't set "Password Never Expires"/ "Password Cannot be Changed" at "the Domain Level"
It is set on the userAccountControl attribute of user objects. Nothing in the Domain's Policies exist that will override the setting.
Regards,
Austin
"Brad G" <BradG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:560E6CBD-28AE-473D-8855-125CD0A449A7@xxxxxxxxxxxxxxxx
Perfect - Thanks Danny - exactly what I needed!
"Danny Sanders" wrote:
>> The "Password Never expires" & "Password cannot be changed" Account
>> Control
This will override the domain security account settings.
I usually use this setting for accounts that services are running under. I
manually go through and change the passwords periodically.
hth
DDS
"Brad G" <BradG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:82077F46-C976-4F3F-8FA5-EADD92AA1863@xxxxxxxxxxxxxxxx
>I don't quite see the answer to my primary question. (I know all about >how
>to
> set it up):
>
> Will the individual user account settings override the Domain Security
> Policy settings?
>
> Thanks-
> Brad
>
> "Austin Osuide" wrote:
>
>> Hi Brad,
>>
>> Password policies in a Domain apply to every user account in the >> domain
>> in
>> W2K and WS03 AD.
>> This policy determines:
>> 1. Password History
>> 2. Max Passw Age
>> 3. Min Passw Age
>> 4. Complexity requirements and
>> 5. Password should be stored using reversible encryption
>>
>> The "Password Never expires" & "Password cannot be changed" Account
>> Control
>> settings are represented by flags on the userAccountControl attribute >> of
>> a
>> user object. You can set these individually for user objects, if you
>> wish,
>> and have them different for each user object.
>> See: http://support.microsoft.com/kb/305144
>>
>> The two entities i.e. password policies and userAccountControl flags >> are
>> not
>> related.
>>
>> Regards,
>>
>> Austin
>>
>>
>> "Brad G" <BradG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:87A55C78-6BD1-4A8B-809B-A9F611F867BD@xxxxxxxxxxxxxxxx
>> >I would like to apply strict password policy enforcement via Domain
>> >Security
>> > policy, but need to test it first. We have a mostly mobile workforce
>> > and I
>> > need to test the behavior for mobile users. What I would like to do >> > is
>> > apply
>> > it to the Domain Security Policy so it globally affects all users - >> > but
>> > limit
>> > it to just a few for testing at first.
>> >
>> > So, if I enable the password requirements in Domain Security policy,
>> > but
>> > have User A,B, C in the Active Directory individually configured at >> > the
>> > user-level for 'Password never expires" and "password cannot be
>> > changed"
>> > will
>> > that over ride the domain security policy?
>> > Another scenario would be if I wanted to apply it to all users >> > except
>> > for
>> > an
>> > administrator, etc, - is this how that would be managed?
>> >
>> > Thanks!
>>
>>
.
- References:
- Re: Which overrides? AD or Domain Security Policy?
- From: Austin Osuide
- Re: Which overrides? AD or Domain Security Policy?
- From: Brad G
- Re: Which overrides? AD or Domain Security Policy?
- From: Danny Sanders
- Re: Which overrides? AD or Domain Security Policy?
- From: Brad G
- Re: Which overrides? AD or Domain Security Policy?
- Prev by Date: Re: Which overrides? AD or Domain Security Policy?
- Next by Date: Re: "Access Denied" - Deleting User
- Previous by thread: Re: Which overrides? AD or Domain Security Policy?
- Next by thread: Re: Which overrides? AD or Domain Security Policy?
- Index(es):
Relevant Pages
|
