2003 server - Tuesday, March 4, 2008 5:25 - 0 Comments

Exempting User Accounts from Domain Password Policies

There’s one exemption to how domain password policies are applied.

In an Active Directory environment, password policies for users accounts are determined by the Group Policy settings found under Computer ConfigurationWindows SettingsSecurity SettingsAccount PoliciesPassword Policy. These policy settings (there are six of them) apply uniformly to all users in the domain. In other words, you can’t exempt a particular user account from these policy settings even if you wanted to.

With one exception: by enabling the Password Never Expires on the Accounts tab of a user account’s Properties sheet in Active Directory Users and Computers, you can override (for that user) the domain-wide policy setting for Maximum Password Age. It’s usually best to reserve this option only for custom service accounts however.

Article written by MyComputerAid.com