don't want service accounts locked out

From: Tom McComb (tmccomb@coolsavings.com)
Date: 06/19/02


From: "Tom McComb" <tmccomb@coolsavings.com>
Date: Wed, 19 Jun 2002 11:10:22 -0500


Ok, all. Let's see if I can state my issue clearly. Our current security
policy includes having account lockouts after 3 bad password attempts, and
the usual Strong Password Policy (per MS instructions installing the
passfilt.dll). And while it can sometimes be a pain the neck, all seems to
work reasonably well (except, of course, when I lock myself out after
changing my own password :) Problem is, I have a few "service" accounts
that I need to make sure do NOT get locked out. Stuff that runs some
internal apps, etc. I've tried the "user cannot change password" and
"password never expires", and myself and the other net admin here originally
thought that would do it. Apparently, we're wrong.

Any ideas how I can keep our current lockout policy, *and* make sure those
service accounts don't get locked out?

TIA,

Tom McComb



Relevant Pages

  • Re: Password Policy Basics
    ... but assumed the POLICY would be applied to ALL ... so lcoal machines might start enforcing that policy on ... No, the local accounts are not effected by the domain policy, except you link the policy also to the OU like Florian states. ... I was thinking of service accounts on the servers... ...
    (microsoft.public.windows.group_policy)
  • RE: Group Policy: multiple password policies in the same domain?
    ... Subject: Group Policy: multiple password policies in the same ... service accounts, and our company must be SAS70 type-II certified. ...
    (Focus-Microsoft)
  • Re: Password Policy Basics
    ... set up a password policy via Group Policy, ... change only the DOMAIN login accounts, not all the local accounts too. ... But what local service accounts do you have? ... For this option NEVER use an Administrator account for service accounts or configuration tasks, create for your service accounts always new accounts without a profile and only the minimum rights for that service and a really strong password, that you have to save on a secure plcae. ...
    (microsoft.public.windows.group_policy)
  • RE: Group Policy: multiple password policies in the same domain?
    ... there can only be 1 password policy for each account ... affect the local accounts on the servers in scope of that GPO. ... time I'm trying to enforce stronger passwords for service accounts like ... Would applying the policy to a specific set of computers affect only the ...
    (Focus-Microsoft)
  • RE: Group Policy: multiple password policies in the same domain?
    ... the policy is just ignored. ... Subject: Group Policy: multiple password policies in the same domain? ... I'm trying to lock down some domain "service" accounts (backup, ... time I'm trying to enforce stronger passwords for service accounts like ...
    (Focus-Microsoft)