Sign in with
Sign up | Sign in
Your question

Administrators BLaaaaHHHH

Last response: in Windows 2000/NT
Share
Anonymous
June 9, 2005 7:27:54 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Ok in my organization I have some admins that like to give some users the
right to not have to change their passwords from time to time. I want this
option to be gone from ADU&C Account Properties Tab "Password Never
Expires". Can this be done?

James
Anonymous
June 10, 2005 2:57:57 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I know of know way for that to be done. You can however enable auditing of
account management in Domain Controller Security policy to find out who is
doing such and to what accounts and then take appropriate action whatever
that may be. You might also want to develop or modify your security policy
to prohibit such changes or set specific guidelines such as chain of command
or what level of administrators can do such. Beyond that if you have a
Windows XP Pro computer in the domain that you could use as an admin
workstation you can install adminak for Windows 2003 on it [free download
from Microsoft] and use the Active Directory command line tools dsquery,
dsget, and dsmod to find and change those accounts that have been
configured with password never expires. --- Steve

http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
http://www.microsoft.com/technet/prodtechnol/windowsser...

"James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
news:esh4OJUbFHA.796@TK2MSFTNGP09.phx.gbl...
> Ok in my organization I have some admins that like to give some users the
> right to not have to change their passwords from time to time. I want
> this option to be gone from ADU&C Account Properties Tab "Password Never
> Expires". Can this be done?
>
> James
>
Anonymous
June 10, 2005 3:02:01 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"I know of know way for that to be done" should be I know of no way for that
to be done. Back to English class for me. --- Steve


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eqUQwAXbFHA.2984@TK2MSFTNGP15.phx.gbl...
>I know of know way for that to be done. You can however enable auditing of
>account management in Domain Controller Security policy to find out who is
>doing such and to what accounts and then take appropriate action whatever
>that may be. You might also want to develop or modify your security policy
>to prohibit such changes or set specific guidelines such as chain of
>command or what level of administrators can do such. Beyond that if you
>have a Windows XP Pro computer in the domain that you could use as an admin
>workstation you can install adminak for Windows 2003 on it [free download
>from Microsoft] and use the Active Directory command line tools dsquery,
>dsget, and dsmod to find and change those accounts that have been
>configured with password never expires. --- Steve
>
> http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
> http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
> http://www.microsoft.com/technet/prodtechnol/windowsser...
>
> "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
> news:esh4OJUbFHA.796@TK2MSFTNGP09.phx.gbl...
>> Ok in my organization I have some admins that like to give some users the
>> right to not have to change their passwords from time to time. I want
>> this option to be gone from ADU&C Account Properties Tab "Password Never
>> Expires". Can this be done?
>>
>> James
>>
>
>
!