Default Domain Policy Question

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hello All,

I have a situation where the Default Domain Policy (DDP) is configured for
passwords to expire in 90 days. I have an OU full of service accounts that I
dont want to be subject to that policy.

How do I go about creating an exlusion from the DDP for this OU ? I am told
that I can oly set the password policy at the DDP level, so Im kinda in a
lurch here.

Thank you for any light you can shed on this.

- NuTs
4 answers Last reply
More about default domain policy question
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Enable the "password never expires" attribute on each service account.

    For security reasons you should manually change their passwords
    periodically.

    hth
    DDS W 2k MVP MCSE

    "Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
    news:uHFRXW%23$EHA.1084@tk2msftngp13.phx.gbl...
    > Hello All,
    >
    > I have a situation where the Default Domain Policy (DDP) is configured for
    > passwords to expire in 90 days. I have an OU full of service accounts that
    > I dont want to be subject to that policy.
    >
    > How do I go about creating an exlusion from the DDP for this OU ? I am
    > told that I can oly set the password policy at the DDP level, so Im kinda
    > in a lurch here.
    >
    > Thank you for any light you can shed on this.
    >
    > - NuTs
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thank you for the response.

    This setting was already there foreach account, but they expired just the
    same. I cant have that happen again.

    - NuTs

    "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
    news:O5VZff%23$EHA.1904@TK2MSFTNGP14.phx.gbl...
    > Enable the "password never expires" attribute on each service account.
    >
    > For security reasons you should manually change their passwords
    > periodically.
    >
    > hth
    > DDS W 2k MVP MCSE
    >
    > "Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
    > news:uHFRXW%23$EHA.1084@tk2msftngp13.phx.gbl...
    >> Hello All,
    >>
    >> I have a situation where the Default Domain Policy (DDP) is configured
    >> for passwords to expire in 90 days. I have an OU full of service accounts
    >> that I dont want to be subject to that policy.
    >>
    >> How do I go about creating an exlusion from the DDP for this OU ? I am
    >> told that I can oly set the password policy at the DDP level, so Im kinda
    >> in a lurch here.
    >>
    >> Thank you for any light you can shed on this.
    >>
    >> - NuTs
    >>
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    That setting *should* prevent the password for that account from expiring. I
    know for a fact it works in Win 2k. If you are running Win 2k there is
    something more going on.

    Not sure what it is.

    DDS
    "Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
    news:uS$9o0%23$EHA.3368@TK2MSFTNGP10.phx.gbl...
    > Thank you for the response.
    >
    > This setting was already there foreach account, but they expired just the
    > same. I cant have that happen again.
    >
    > - NuTs
    >
    > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
    > news:O5VZff%23$EHA.1904@TK2MSFTNGP14.phx.gbl...
    >> Enable the "password never expires" attribute on each service account.
    >>
    >> For security reasons you should manually change their passwords
    >> periodically.
    >>
    >> hth
    >> DDS W 2k MVP MCSE
    >>
    >> "Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
    >> news:uHFRXW%23$EHA.1084@tk2msftngp13.phx.gbl...
    >>> Hello All,
    >>>
    >>> I have a situation where the Default Domain Policy (DDP) is configured
    >>> for passwords to expire in 90 days. I have an OU full of service
    >>> accounts that I dont want to be subject to that policy.
    >>>
    >>> How do I go about creating an exlusion from the DDP for this OU ? I am
    >>> told that I can oly set the password policy at the DDP level, so Im
    >>> kinda in a lurch here.
    >>>
    >>> Thank you for any light you can shed on this.
    >>>
    >>> - NuTs
    >>>
    >>
    >>
    >
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Nut cracker!

    Take a look around in this news group - as well as in the Active Directory
    news group! The Password Policy is set at the domain level and affects
    everyone or no one! The only way to have user account objects not affected
    by this Password Policy is to move them to another domain.....But that is
    not really going to resolve your situation.

    And I always set a Password Policy within the Domain Security Policy ( which
    is a subset of the DDP anyway... ).

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "Nut Cracker" <nutcracker@internationalhacker.org> wrote in message
    news:uHFRXW%23$EHA.1084@tk2msftngp13.phx.gbl...
    > Hello All,
    >
    > I have a situation where the Default Domain Policy (DDP) is configured for
    > passwords to expire in 90 days. I have an OU full of service accounts that
    > I dont want to be subject to that policy.
    >
    > How do I go about creating an exlusion from the DDP for this OU ? I am
    > told that I can oly set the password policy at the DDP level, so Im kinda
    > in a lurch here.
    >
    > Thank you for any light you can shed on this.
    >
    > - NuTs
    >
Ask a new question

Read More

Policy Default Domain Windows