Re: How to set a SINGLE domain account to never lockout?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

This problem is solved by the new Fine Grained Password Policy feature in
Win2K8 AD, but for now there is only one password policy per domain.

Sorry.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"momo" <momo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0FF08E82-D4B3-4378-B0C6-960718173B6D@xxxxxxxxxxxxxxxx
This is exclusivelly a production domain. This account is a service
account
for a production application. For compliance reasons passwords must be
changed in every thirty days and we recently changed account password. We
have people working from several different cities/states and someone is
keep
trying to logon into the domain client using this account with an old
password hence locking out the account. when the account locked out the
production application stops.

Thank you.

"Jorge de Almeida Pinto [MVP - DS]" wrote:

you cant

what is the purpose of using an account that cannot be locked?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"momo" <momo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0EFD3EA0-207F-4DF5-BDB7-0813066D4796@xxxxxxxxxxxxxxxx
Hello,
How to set to a SINGLE domain account to never lockout?

I know how set this globally using Group Policy:
Computer Configuration
Windows Settings
Security Settings
Account Policies
Account Lockout Policy. And set threshold = 0.

Thank you.






.

Relevant Pages

  • Re: Password Expired Query
    ... issue their own LDAP query to do this. ... If you just want to get this done, Joe R's tool is very easy. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The problem is there isn't a flag saying the account is expired, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password expires for no apparent reason
    ... go to the server and run rsop.msc and check your password policy, ... expires' is set for each user. ... the minimum password age is there to prevent users from blowing ... As Harj said Account lockouts could potentially be a problem as perhaps the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Valid password characters
    ... A good password policy should be combined with a good user name ditto. ... whereby an account would be disabled after a certain of unsuccessful ... The attack on this type of protection will not be a frontal attack ... without even the implied warranty of merchantability ...
    (microsoft.public.inetserver.asp.db)
  • Re: Password Policy for remote users
    ... There is only one password policy per domain or per machine. ... accounts, and this or the highest priority GPO setting account policies ... Change remote users passowrd to more complex. ...
    (microsoft.public.security)
  • password change problem
    ... top and want this password policy accross the domain. ... At first, all was fine, my users could ctrl-alt-delete ... change the password for the domain adminstrator account ... change and next log in, no problem works fine, just cant ...
    (microsoft.public.windows.group_policy)