Re: Maximum machine account password age

---

• From: Paul Adare <padare@xxxxxxxxxxx>
• Date: Sun, 19 Mar 2006 03:50:38 -0500

---

In article <ehTRN8uSGHA.5552@xxxxxxxxxxxxxxxxxxxx>, in the
microsoft.public.windows.server.security news group, Joe Richards [MVP]
<humorexpress@xxxxxxxxxxx> says...

Computer password accounts don't expire. In fact computers don't ever have to
change their password, you could have password policy of 30 days and computers
with passwords 2500 days old will still be working just fine.

Perhaps this is a semantics issue but computer account passwords do in
fact expire and are changed on a regular basis. As an experiment, setup
a DC and a member computer in two virtual machines with undo disks
enabled. After a period of time (which will vary depending on the OS in
use) shut down and save changes on the DC and then shut down and discard
changes on the member computer. Restart both and see what happens.

Again, knowing what Joe knows, I'm assuming that this is just semantics
and that I'm probably reading his response in a way that is different
from what he intended. He is definitely correct that password expiration
policy does not affect computer account passwords.

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain
.

---

• Follow-Ups:
  • Re: Maximum machine account password age
    • From: Joe Richards [MVP]
  • Re: Maximum machine account password age
    • From: Roger Abell [MVP]

• References:
  • Maximum machine account password age
    • From: MC
  • Re: Maximum machine account password age
    • From: Joe Richards [MVP]

• Prev by Date: Re: Find SID for a local user Account
• Next by Date: Re: Maximum machine account password age
• Previous by thread: Re: Maximum machine account password age
• Next by thread: Re: Maximum machine account password age
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: PasswordFilter and ASP.NET ... > Joe Richards Microsoft MVP Windows Server Directory Services ... >> history though, I think it only checks complexity, etc. ... >>> A lot of the password policy you can actually read by querying the DC. ... (microsoft.public.platformsdk.security) Re: Active Directory Fails as LDAP Address Book ... Joe Richards Microsoft MVP Windows Server Directory Services ... A similar method is used with Entourage in grabbing the GAL (Microsoft Entourage is an web http based email client and uses LDAP directories). ... (microsoft.public.windows.server.active_directory) Re: Calling IMailboxStore.CreateMailbox fails ... Joe Richards Microsoft MVP Windows Server Directory Services ... I have the requirement that I need to assign a mailbox to each ... (microsoft.public.exchange.development) Re: I was just wondering ... I think people are tried of false marketing claims ... Joe Richards Microsoft MVP Windows Server Directory Services ... (microsoft.public.security) Re: PasswordFilter and ASP.NET ... Joe Richards wrote:> There is actually an API call for checking if a password would fail> policy that is new but I will be darned if I can find it right now. ... > Joe Richards Microsoft MVP Windows Server Directory Services ... >> A lot of the password policy you can actually read by querying the>> DC. ... (microsoft.public.platformsdk.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)