Password Policy and AD

[Wayner]

Hi,
I would like to set up a password policy - single domain,
40 users, couple of DCs, win2K and exchange2k servers. I
do not want the admin password to have to be changed like
the users. Should I make the changes in the domain
security policy - account policy settings and then check
password never expires for admin account? Will the GP
overide this setting? Or should I create a group or ou for
users and apply the security policy to the ou? I really do
not know what to do for this second approach and would
probably mess it up without specific steps to follow.
What/where is a good guideline for this?
Thanks much - Wayner

 

[Derek Melber [MVP]]

configure the domain policy for "the users" and then just modify the
administrator user account to never expire the password. Here, you can
manually set the password as you feel you should.

 

[Laura E. Hunter \(MVP\)]

Any accounts that you manually set to "Password never expires" in the ADUC
MMC console will not be affected by the password policy. That's what I do
with my service accounts, since I don't want them expiring manually - I set
them to never expire, then manually change the password and re-start the
services on a regular basis.