Educause Security Discussion
mailing list archives
Re: Active Directory Password Policy for functional accounts?
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Mon, 3 Dec 2012 08:54:51 -0700
You can use the LastLogon attribute for the housecleaning aspect and disable
accounts that haven't logged in for X days.
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rick Baker
Sent: Monday, December 03, 2012 6:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Active Directory Password Policy for functional
We are wondering what other higher education institutions are doing with
their functional accounts in active directory. The functional accounts are
for service purposes that we implemented 180 days password policy but
service could break after the password expires - some are asking to enable
"password never expires" (PNE) on these accounts.
Other question is if we enable PNE on accounts, how do you keep track of
which accounts are being in use or not for "housekeeping" to keep our active