Password policy vs. "password never expires"

  • Thread starter Thread starter RH
  • Start date Start date
R

RH

On a W2K domain, I know I can set password complexity,
minimum length, expiration, etc. via domain policy. My
question is which takes precedence: a) domain policy or
b) the check box on an individual user account
properties>account next to the "password never expires"?
If the check box overides domain policy, what about
password complexity in the policy? Is that passed down
to the user requiring complex password that then does not
expire? TIA. Ron
 
Password never expires takes precedence.

With this box checked they will still have to abide by the password
complexity requirements.

hth
DDS W 2k MVP MCSE
 
This is accurate. Having this box checked is one way to get around all of
the time elements in a password policy. But, as Danny stated, it will not
help you to avoid having a password that meets with the complexity
requirements.

Say, for example, you have implemented a password policy whereby the
passwords must meet the complexity rule, have a max age of 60 days, a min
age of 10 days, a minimum length of six characters and a password history of
12 passwords remembered.

The CEO - or some other Suit - has a specific password that he uses for
everything and will not want to have anything else. He goes along with this
for awhile but when it comes time to change the password ( after the 60
days ) he has a really hard time. He is not happy about not being able to
use his granddaughter's name! You finally get this done after holding his
hand for an hour. He asks you, "Are we going to have to do this again in
another 60 days?" "Well, yes!", is your response.

Not exactly! Go to his user account object and check the 'password never
expires' check box and he can keep the password that he has now until the
cows come home.

Is this safe and secure? No! But neither is having people write their user
name and password on a little yellow sticky and putting it 'someplace safe'.
This is one of the areas that a lot of uneducated users really complain a
lot - and very loudly! However, if you educate them to the importance of
this they will pipe down! I promise!

HTH,

Cary
 
Back
Top