Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Active Directory Password Policy for functional accounts?
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Mon, 3 Dec 2012 08:54:51 -0700

You can use the LastLogon attribute for the housecleaning aspect and disable
accounts that haven't logged in for X days.  


Brad Judy


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rick Baker
Sent: Monday, December 03, 2012 6:34 AM
Subject: [SECURITY] Active Directory Password Policy for functional


We are wondering what other higher education institutions are doing with
their functional accounts in active directory.  The functional accounts are
for service purposes that we implemented 180 days password policy but
service could break after the password expires - some are asking to enable
"password never expires" (PNE) on these accounts.


Other question is if we enable PNE on accounts, how do you keep track of
which accounts are being in use or not for "housekeeping" to keep our active
directory clean?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]