+ Reply to Thread
Results 1 to 2 of 2

Thread: Changing Domain Password Settings via GPO

  1. 11-18-2009, 03:40 PM #1
    dfresh
    dfresh is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    6

    Default Changing Domain Password Settings via GPO

    What's the best way to go about implementing this change?

    1. Just change the Default Domain Policy?
    2. Create a new policy to reflect the new settings and apply it at the domain level?

    Also if we have some accounts that have the box checked "Password never expires", such as critical systems workstations, will the GPO override this option?


    TIA
    Doug
    Reply With Quote Reply With Quote
  2. 12-03-2009, 10:31 AM #2
    sluice
    sluice is offline Getting Started on GPanswers.com
    Join Date
    Dec 2009
    Posts
    2

    Default Change Domain Policy

    You should change the default Domain Policy to reflect the new settings. Then create three new groups:
    1. Deny_local_logon and apply deny local logon to that group
    2. Deny_remote_logon and prevent remote access through Terminal Server
    3. Service Accounts into which you put all the service accounts. Tick the box for password never changes for that group. That will override the higher level policy.
    Put the Service accounts group into the other 2 groups.
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


Search Engine Friendly URLs by vBSEO