Password Policy and AD

W

Wayner

Hi,
I would like to set up a password policy - single domain,
40 users, couple of DCs, win2K and exchange2k servers. I
do not want the admin password to have to be changed like
the users. Should I make the changes in the domain
security policy - account policy settings and then check
password never expires for admin account? Will the GP
overide this setting? Or should I create a group or ou for
users and apply the security policy to the ou? I really do
not know what to do for this second approach and would
probably mess it up without specific steps to follow.
What/where is a good guideline for this?
Thanks much - Wayner
 
D

Derek Melber [MVP]

configure the domain policy for "the users" and then just modify the
administrator user account to never expire the password. Here, you can
manually set the password as you feel you should.
 
L

Laura E. Hunter \(MVP\)

Any accounts that you manually set to "Password never expires" in the ADUC
MMC console will not be affected by the password policy. That's what I do
with my service accounts, since I don't want them expiring manually - I set
them to never expire, then manually change the password and re-start the
services on a regular basis.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GP do not take effect 4
password local policy in domain 2
Password Policy 4
Default Domain Policy 2003 7
Password Policy 1
Password Policy 3
Using Group Policy to define a Password Policy 1
Password policy not enforced 1

Top