Exempting User Accounts from Domain Password Policies

  • Section(s): Active Directory , Admin , Security
  • Created on Apr 27, 2007.
  • Last Modified on Jun 14, 2007.
  • Last Modified by Mitch Tulloch.
  • Rated 1 out of 5 based on 1 votes.
There's one exemption to how domain password policies are applied.
In an Active Directory environment, password policies for users accounts are determined by the Group Policy settings found under Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy. These policy settings (there are six of them) apply uniformly to all users in the domain. In other words, you can’t exempt a particular user account from these policy settings even if you wanted to.

With one exception: by enabling the Password Never Expires on the Accounts tab of a user account’s Properties sheet in Active Directory Users and Computers, you can override (for that user) the domain-wide policy setting for Maximum Password Age. It’s usually best to reserve this option only for custom service accounts however.

***

Mitch Tulloch was lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. For more information see www.mtit.com.

Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Virus Appliance solution?