Archived from groups: microsoft.public.win2000.group_policy (
More info?)
That won't work. Password policy can only be applied at the domain level.
Password policies applied at the OU level will only affect accounts in the
local SAM on a server / workstation.
"Erik Szewczyk" <ErikSzewczyk@discussions.microsoft.com> wrote in message
news:E8AAE7AB-8BFC-49ED-AFA6-B60098059873@microsoft.com...
> Or better yet apply your password restrictions to an OU that your service
accounts are not contained within.
>
> -Erik
>
> --
> This post is provided "AS IS" and without warranty, expressed or implied.
In no event shall I be liable for any damages whatsoever resulting from the
application of the posted content.
>
>
> "Mark Renoden [MSFT]" wrote:
>
> > Hi
> >
> > In the Account Tab of the Properties sheet for the user account in AD,
set
> > "Password never expires"
> >
> > Kind regards
> > --
> > Mark Renoden [MSFT]
> > Windows Platform Support Team
> > Email: markreno@online.microsoft.com
> >
> > Please note you'll need to strip ".online" from my email address to
email
> > me; I'll post a response back to the group.
> >
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> >
> > "huff-n-puff" <huffnpuff@discussions.microsoft.com> wrote in message
> > news:8C3493CB-E45E-414E-9885-7322E60224AD@microsoft.com...
> > > Hi
> > >
> > > I want to set a complex password policy that changes every 90 days or
so,
> > > which I can do.
> > >
> > > BUT how do I account for the many service accounts on my domain such
as
> > > SQL sa accounts etc, as these are non interactive they will get
locked
> > > every 90 days unless someone logs in as them and sets the password.
> > >
> > > Any idea on ways to solve this, I presume a second domainis one way,
any
> > > others?
> > >
> > > Thanks
> > >
> > > M
> >
> >
> >