Archived from groups: microsoft.public.win2000.active_directory (More info?)
I know password policies are supposed to be applied to entire domains and
if there is a requirement fore separate policies, a new child domain is
required, but some testing I've done seemed to have contradicted that. If
you set a user’s properties to ‘password never expires’, you can overcome the
password age setting at the domain level, and it seems this affects the
password complexity requirement as well. While I’m prompted to change my
password on an account who does not have the password never expires setting
and when forced to change that password I’m also forced to adhere to the
complex password policy, I am not forced to change my password on an account
set to never expire and am therefore not required to adhere to the complexity
requirement. Kind of a loophole I suppose. Has anyone else tried using
this sort of 'fix' on accounts like service accounts?
I know password policies are supposed to be applied to entire domains and
if there is a requirement fore separate policies, a new child domain is
required, but some testing I've done seemed to have contradicted that. If
you set a user’s properties to ‘password never expires’, you can overcome the
password age setting at the domain level, and it seems this affects the
password complexity requirement as well. While I’m prompted to change my
password on an account who does not have the password never expires setting
and when forced to change that password I’m also forced to adhere to the
complex password policy, I am not forced to change my password on an account
set to never expire and am therefore not required to adhere to the complexity
requirement. Kind of a loophole I suppose. Has anyone else tried using
this sort of 'fix' on accounts like service accounts?
Facebook
Twitter
Instagram