AD -- password policy

[Darren D]

I'm certain that this question came up before,, anyway here is my question..
I've a simple forest that contains a Root/Domain and a Child domain, however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights. that
runs application services..
I would like to enforce a paasword policy in this child domain that requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted for
a password change..correct?

-Darren

 

[Mark Renoden [MSFT]]

Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Darren D]

Duh... Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren

Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren

 

[Mark Renoden [MSFT]]

Hi Darren

I can't think of an example where that's incorrect

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Duh... Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren

Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren

 

[Joe Richards [MVP]]

Even though that is the case, you should still be changing your service
passwords. If anything, it is more important to change service passwords than
user passwords because usually

1. They have more access than normal userids
2. More than one person knows the password


Note that the service will not be prompted to change the password, it will just
stop working for various things depending on what it is trying to access.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Duh... Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren

Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical

user

account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy

are

domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren