Complex Password Policy and service accounts

G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Hi

I want to set a complex password policy that changes every 90 days or so, which I can do.

BUT how do I account for the many service accounts on my domain such as SQL sa accounts etc, as these are non interactive they will get locked every 90 days unless someone logs in as them and sets the password.

Any idea on ways to solve this, I presume a second domainis one way, any others?

Thanks

M
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Set the "password never expires" property on the user account associated
with the service.

hth
DDS W 2k MVP MCSE

"huff-n-puff" <huffnpuff@discussions.microsoft.com> wrote in message
news:854C5ABD-FB94-484A-8C0A-740ED667DAF8@microsoft.com...
> Hi
>
> I want to set a complex password policy that changes every 90 days or so,
which I can do.
>
> BUT how do I account for the many service accounts on my domain such as
SQL sa accounts etc, as these are non interactive they will get locked
every 90 days unless someone logs in as them and sets the password.
>
> Any idea on ways to solve this, I presume a second domainis one way, any
others?
>
> Thanks
>
> M
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

And note that you should STILL change the password every 90 days or consider
this a nice juicy security hole.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Danny Sanders wrote:
> Set the "password never expires" property on the user account associated
> with the service.
>
> hth
> DDS W 2k MVP MCSE
>
> "huff-n-puff" <huffnpuff@discussions.microsoft.com> wrote in message
> news:854C5ABD-FB94-484A-8C0A-740ED667DAF8@microsoft.com...
>
>>Hi
>>
>>I want to set a complex password policy that changes every 90 days or so,
>
> which I can do.
>
>>BUT how do I account for the many service accounts on my domain such as
>
> SQL sa accounts etc, as these are non interactive they will get locked
> every 90 days unless someone logs in as them and sets the password.
>
>>Any idea on ways to solve this, I presume a second domainis one way, any
>
> others?
>
>>Thanks
>>
>>M
>
>
>