arthurfl
asked on
Password Never Expires greyed out
Hey all. We've got an issue that is causing security alerts and are trying to figure this out.
The server was a member server before. The administrator account was set to "password never expires". After using DCPROMO and promoting it to DC in a new domain, the "password never expires" check box is now greyed out, but is still checked. We are in need of unchecking this box but cannot figure out how to do it. Anyone have this issue and solve it?
Thanks for your help.
Art
The server was a member server before. The administrator account was set to "password never expires". After using DCPROMO and promoting it to DC in a new domain, the "password never expires" check box is now greyed out, but is still checked. We are in need of unchecking this box but cannot figure out how to do it. Anyone have this issue and solve it?
Thanks for your help.
Art
ASKER
Hey Vahik. Thanks for the response. What confuses me is that the administrator account is NOT greyed out if it is not on a domain controller. It's only a local domain controller that greys out that button. Any suggestions?
Thanks,
Art
Thanks,
Art
there is only one DC there is no such thing as local domain controller and they all have the same default unless u create another admin with same permissins and membership and u delete the origional one.
But I would only suggest renaming that administrator instead.
But I would only suggest renaming that administrator instead.
ASKER
Hey Vahik. Thanks for the response. What confuses me is that the administrator account is NOT greyed out if it is not on a domain controller. It's only a local domain controller that greys out that button. Any suggestions?
Thanks,
Art
Thanks,
Art
ASKER
Hey there....what I mean by local domain controller is the local administrator account ON the domain controller for the domain. I was hoping there was some registry setting where we could uncheck that box cause even renaming the account or changing permissions will still through that security alert of having a password that doesn't expire.
Thanks again,
Art
Thanks again,
Art
usualy companies make the administrator passwords very complex so they dont want to change the password every day unless they have to they do it manualy by reseting the password .specially they dont want someone to apply a policy to screw up administrators password But like I said u could create a name with same mambership and permissions and delete that one if u want.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey there. It's starting to look like that there is nothing we can do about getting that box greyed out. Vahik's idea of changing the name (which we've done) and applying different permissions may be the only way to go. It won't stop the security alerts (box still checked), but at least they alerts will be uselss because it's an account with no privs. If anyone does have a certain idea how to ungrey that box, keep the ideas coming.
Thanks,
Art
Thanks,
Art
I don't understand what's causing the security alerts, with the box checked it shouldn't ask for the password to be changed. Is it some other application that's surveying your security that's giving you this alert?
ASKER
Hey there. Yes, it's a third party application that scans all our boxes and looks for things like that. So we either uncheck that box somehow (which is my preference), or we have them stop scanning for that issue. I'd rather have it unchecked as we want them to continue to scan for that.
Art
Art
ASKER
Hey there. Yes, it's a third party application that scans all our boxes and looks for things like that. So we either uncheck that box somehow (which is my preference), or we have them stop scanning for that issue. I'd rather have it unchecked as we want them to continue to scan for that.
Art
Art
Well, instead of changing a safeguard that could lock you out of your domain controler, I would contact the third party software maker and see if there's a way you can set it to not check for the expired pasword setting on the domain controler only (being you can't, and really shouldn't if you could turn it on anyway.)
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,
****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********
- If you would like to close this question and have your points refunded, please post a question in community support area on https://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you
Pasha
Cleanup Volunteer
****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********
- If you would like to close this question and have your points refunded, please post a question in community support area on https://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you
Pasha
Cleanup Volunteer
There is no issue to be solve that is build in and default administrator that window 2000 creates and that box is always grayed out .If u want u could create another administrator with same membership and that one u could have that option. U could also right click on the administrator and press reset the password if u want.