Re: Expiring inactive acounts
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Thu, 21 Dec 2006 16:43:03 -0500
Microsoft took that option away with 2K due to various implementation issues. I can't recall the details, look at the KBs there might be some info on it. Long story short, you can't set it.
If you want to disable IDs that have expired, then you can write something or use a tool that is already written to do it. You can use my oldcmp (yes it does users too) to do that work if you like. Google for oldcmp, should be the first hit. The rest of the hits will be people talking about it.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
vashi wrote:
I want to ensure that Windows 2000 domain users who are not logging in.
for 60 days cannot login later without admin intervention.
In Windows NT 4.0 I used to enable the checkbox "User must login to
change password" and had a password expiry of 60 days. So if somebody
logged in after 60 days he could not login.administrator had to reset his expired password. This was an indirect way to expire inactive accounts.
In Windows 2000 how do I achieve this ? I donot see this option "User
must login to change password" anywhere. I have set the password
expiry for 60 days. But somebody who logs in after 60 days also can
use his old password , immediately change to new one and login
successfully. Or is there a better way in Windows 2000 to automatically disable
inactive accounts ?
- Prev by Date: Re: Account Lockout
- Next by Date: Requesting Certificate from Subordinate CA
- Previous by thread: Account Lockout
- Next by thread: Re: Expiring inactive acounts
- Index(es):
Relevant Pages
|
