mailing list archives
Re: Changing the domain password policy
From: Mike Devlin <mdevlin () boston com>
Date: Fri, 02 Feb 2007 14:17:30 -0500
yes, you are right that if you change the password complexity
requirements/minimum length, all the accounts that don't meet the new
requirements are fine until their password expires or is forced to
rotate. I suppose that if you wanted to be extra safe, you could make a
policy just for the service accounts, and have a different set of
password requirements for these accounts, and have the default domain
policy have the stronger password complexity settings.
Gary Collis wrote:
I wish to amend my windows domain policy to include passowrd
complexity and minimum length. However I have a bunch of service
accounts, of which I do not know all. These passswords are set in AD
to not expire. Am I right in thinking that the changes to the domain
password policy will not effect the accounts that have this attribute
set in AD, until these passwords are actually changed?
How do other people deal with service accounts and their adherence to
domain password policys?