Password Never Expires ACLs

Jay Knowlton

How can I change the default ACLs for the account creation
process in a Windows 2000 Domain so that the only users
that have rights to check/uncheck the Password Never
Expires checkbox are members of the Domain Admins Security
group?

Also, can changing the security of this checkbox on all
existing user objects be scripted?

Thanks! - Jay Knowlton
 
Joe Richards [MVP]

You have to modify the permissions on the useraccountcontrol attribute;
unfortunately, doing that will mean only domain admins can effectively create
an ID because they would be the only ones who could do the required enable
after the password was set.
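
The side effect described in the reply above, as an added example that is not part of the original post: permissions apply to the whole userAccountControl attribute, and both the "account disabled" bit and the "password never expires" bit live in it. The flag values are the documented ADS_UF_* constants; the starting value, the step list and the helper names are constructed for illustration, and the permission check is a simplified model.

```python
# Added illustration; flag values are the documented ADS_UF_* constants.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWD",
}

# LDAP filter (bitwise-AND matching rule) to audit accounts that already
# have "Password never expires" set; 65536 == 0x10000.
NEVER_EXPIRES_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
)

def decode(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if uac & bit]

def changed_flags(old, new):
    """Names of the known flags that differ between two values."""
    return decode(old ^ new)

def blocked_steps(start, steps, can_write_uac):
    """Walk (label, new_value) steps and return the labels that need a write
    to userAccountControl when the caller lacks that permission."""
    blocked, current = [], start
    for label, new in steps:
        if new != current and not can_write_uac:
            blocked.append(label)  # write refused, value stays as it was
        else:
            current = new
    return blocked

# Constructed sample: a new user object that starts out disabled.
START = 0x0202
STEPS = [
    ("set password", 0x0202),             # does not touch userAccountControl
    ("enable account", 0x0200),           # clears ACCOUNTDISABLE
    ("password never expires", 0x10200),  # sets DONT_EXPIRE_PASSWD
]

if __name__ == "__main__":
    print(decode(0x10200))
    print(blocked_steps(START, STEPS, can_write_uac=False))
```
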
 