AD -- password policy


D

Darren D

I'm certain that this question came up before,, anyway here is my question..
I've a simple forest that contains a Root/Domain and a Child domain, however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights. that
runs application services..
I would like to enforce a paasword policy in this child domain that requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted for
a password change..correct?

-Darren
 
Ad

Advertisements

M

Mark Renoden [MSFT]

Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
D

Darren D

Duh...:) Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren
Mark Renoden said:
Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Darren D said:
I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren
 
M

Mark Renoden [MSFT]

Hi Darren

I can't think of an example where that's incorrect :)

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Darren D said:
Duh...:) Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren
Mark Renoden said:
Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Darren D said:
I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical user
account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren
 
Ad

Advertisements

J

Joe Richards [MVP]

Even though that is the case, you should still be changing your service
passwords. If anything, it is more important to change service passwords than
user passwords because usually

1. They have more access than normal userids
2. More than one person knows the password


Note that the service will not be prompted to change the password, it will just
stop working for various things depending on what it is trying to access.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Darren said:
Duh...:) Do I feel dumb know..
Hey, Mark.. I guess it individual user properties over writes the domain
policy..correct?
-Darren
Hi Darren

In the user account properties you can set "Password never expires"

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

I'm certain that this question came up before,, anyway here is my
question..
I've a simple forest that contains a Root/Domain and a Child domain,
however
in the child domain I've a number of applications that uses a typical
user
account with domain user rights and in some cases domain admin rights.
that
runs application services..
I would like to enforce a paasword policy in this child domain that
requres
a new password every 30 days , and from what I've read password policy
are
domain specific not OU. By do this would this encompass my application
service accounts .. I'm a bit concern since this might break the
applications since the service accounts they run under will be prompted
for
a password change..correct?

-Darren
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password Policy on AD 3
Password Policy in AD 3
AD and Password policy question 12
password policy in 2000 AD 6
Password Policy 6
password policy 3
Password Policy 1
password policy 1

Top