I know of know way for that to be done. You can however enable auditing of
account management in Domain Controller Security policy to find out who is
doing such and to what accounts and then take appropriate action whatever
that may be. You might also want to develop or modify your security policy
to prohibit such changes or set specific guidelines such as chain of
command or what level of administrators can do such. Beyond that if you
have a Windows XP Pro computer in the domain that you could use as an admin
workstation you can install adminak for Windows 2003 on it [free download
from Microsoft] and use the Active Directory command line tools dsquery,
dsget, and dsmod to find and change those accounts that have been
configured with password never expires. --- Steve
http://www.jsifaq.com/SUBO/tip7300/rh7330.htm
http://www.jsifaq.com/SUBO/tip7300/rh7337.htm
http://www.microsoft.com/technet/pr...elp/3558c421-ba3d-4b8f-a107-b9058cc0f286.mspx
James Robetson said:
Ok in my organization I have some admins that like to give some users the
right to not have to change their passwords from time to time. I want
this option to be gone from ADU&C Account Properties Tab "Password Never
Expires". Can this be done?
James
