Administrators BLaaaaHHHH

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Ok in my organization I have some admins that like to give some users the
right to not have to change their passwords from time to time. I want this
option to be gone from ADU&C Account Properties Tab "Password Never
Expires". Can this be done?

James
2 answers Last reply
More about administrators blaaaahhhh
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I know of know way for that to be done. You can however enable auditing of
    account management in Domain Controller Security policy to find out who is
    doing such and to what accounts and then take appropriate action whatever
    that may be. You might also want to develop or modify your security policy
    to prohibit such changes or set specific guidelines such as chain of command
    or what level of administrators can do such. Beyond that if you have a
    Windows XP Pro computer in the domain that you could use as an admin
    workstation you can install adminak for Windows 2003 on it [free download
    from Microsoft] and use the Active Directory command line tools dsquery,
    dsget, and dsmod to find and change those accounts that have been
    configured with password never expires. --- Steve

    http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
    http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3558c421-ba3d-4b8f-a107-b9058cc0f286.mspx

    "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
    news:esh4OJUbFHA.796@TK2MSFTNGP09.phx.gbl...
    > Ok in my organization I have some admins that like to give some users the
    > right to not have to change their passwords from time to time. I want
    > this option to be gone from ADU&C Account Properties Tab "Password Never
    > Expires". Can this be done?
    >
    > James
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "I know of know way for that to be done" should be I know of no way for that
    to be done. Back to English class for me. --- Steve


    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:eqUQwAXbFHA.2984@TK2MSFTNGP15.phx.gbl...
    >I know of know way for that to be done. You can however enable auditing of
    >account management in Domain Controller Security policy to find out who is
    >doing such and to what accounts and then take appropriate action whatever
    >that may be. You might also want to develop or modify your security policy
    >to prohibit such changes or set specific guidelines such as chain of
    >command or what level of administrators can do such. Beyond that if you
    >have a Windows XP Pro computer in the domain that you could use as an admin
    >workstation you can install adminak for Windows 2003 on it [free download
    >from Microsoft] and use the Active Directory command line tools dsquery,
    >dsget, and dsmod to find and change those accounts that have been
    >configured with password never expires. --- Steve
    >
    > http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
    > http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3558c421-ba3d-4b8f-a107-b9058cc0f286.mspx
    >
    > "James Robetson" <jrobertson@calaveras.k12.ca.us> wrote in message
    > news:esh4OJUbFHA.796@TK2MSFTNGP09.phx.gbl...
    >> Ok in my organization I have some admins that like to give some users the
    >> right to not have to change their passwords from time to time. I want
    >> this option to be gone from ADU&C Account Properties Tab "Password Never
    >> Expires". Can this be done?
    >>
    >> James
    >>
    >
    >
Ask a new question

Read More

Policy Microsoft Windows