Re: domain security policy
- From: Patrick <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 21:28:00 -0700
Thanks your info Brian,
To prevent the requirement to change passwords,
am I right that I can set it from the "Account Tap" of the user property
from "AD User and Computer"--> make it to "never expire".
Thanks again
Patrick
"Brian Komar (MVP)" wrote:
Some answers inline..
"Patrick" <Patrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F49EB9FC-BD85-4504-A0A0-E48994398E56@xxxxxxxxxxxxxxxx
Thanks all your help.
I want to setup a security policy on Windows 2000 domain environment to
enforce general user to change their password every 3 months and something
like enforce password history, a/c lock out.
I have the following question:
- Is it applied to all domain users inclued "Domain Administrator"?
Yes, unless there is a specific account setting override
- How can exclude some of users like "Domain Administrator" and some
services a/c of above setting?
Yes, for the specific account, you can choose to prevent the requirement to
change passwords. But, if you set up complexity, etc, then it must be
followed.
- If I set these policy in a new created OU level and move geneal user
computer object to this OU (not server and DC object), am I right that the
policy will only apply to these computer.
Nope. Account policy is domain wide in a Windows 2000 (and 2003) domain. It
applies to *all* users in the domain.
- What is the best prastice to apply these domain security setting?
Like you are doing.
Thanks for your help.
Patrick
- References:
- domain security policy
- From: Patrick
- Re: domain security policy
- From: Brian Komar \(MVP\)
- domain security policy
- Prev by Date: Re: domain security policy
- Next by Date: Re: domain security policy
- Previous by thread: Re: domain security policy
- Next by thread: Re: domain security policy
- Index(es):
Relevant Pages
|
