• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 590
  • Last Modified:

Password Never Expires greyed out

Hey all. We've got an issue that is causing security alerts and are trying to figure this out.

The server was a member server before. The administrator account was set to "password never expires". After using DCPROMO and promoting it to DC in a new domain, the "password never expires" check box is now greyed out, but is still checked. We are in need of unchecking this box but cannot figure out how to do it. Anyone have this issue and solve it?

Thanks for your help.

Art
0
arthurfl
Asked:
arthurfl
  • 6
  • 3
  • 3
  • +1
1 Solution
 
VahikCommented:
I hope this would help

   There is no issue to be solve that is build in and default administrator that window 2000 creates and that box is always grayed out .If u want u could create another administrator with same membership and that one u could have that option. U could also right click on the administrator and press reset the password if u want.
0
 
arthurflAuthor Commented:
Hey Vahik.  Thanks for the response.  What confuses me is that the administrator account is NOT greyed out if it is not on a domain controller.  It's only a local domain controller that greys out that button.  Any suggestions?

Thanks,
Art
0
 
VahikCommented:
there is only one DC there  is no such thing as local domain controller and they all have the same default unless u create another admin with same permissins and membership and u delete the origional one.
But I would only suggest renaming that administrator instead.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
arthurflAuthor Commented:
Hey Vahik.  Thanks for the response.  What confuses me is that the administrator account is NOT greyed out if it is not on a domain controller.  It's only a local domain controller that greys out that button.  Any suggestions?

Thanks,
Art
0
 
arthurflAuthor Commented:
Hey there....what I mean by local domain controller is the local administrator account ON the domain controller for the domain.  I was hoping there was some registry setting where we could uncheck that box cause even renaming the account or changing permissions will still through that security alert of having a password that doesn't expire.

Thanks again,
Art
0
 
VahikCommented:
usualy companies make the administrator passwords very complex so they dont want to change the password every day unless they have to they do it manualy by reseting the password .specially  they dont want someone to apply a policy to screw up administrators password  But like I said u could create a name with same mambership and permissions and delete that one if u want.
0
 
matguyCommented:
Probably the biggest reason I can see to have that greyed out is for protection of the Administrator password in a multi-admin setting.  You want your password changes to be a collaberated event so all have the correct information, not a spur of the moment system warning reply. Any other passowrd in the system can be replaced by the administrator account, but if there is only one administrator account and the administrators are locked out of it the system quickly becomes useless.

It's a safeguard to keep the Administrator account working.
0
 
arthurflAuthor Commented:
Hey there.  It's starting to look like that there is nothing we can do about getting that box greyed out.  Vahik's idea of changing the name (which we've done) and applying different permissions may be the only way to go.  It won't stop the security alerts (box still checked), but at least they alerts will be uselss because it's an account with no privs.  If anyone does have a certain idea how to ungrey that box, keep the ideas coming.

Thanks,
Art
0
 
matguyCommented:
I don't understand what's causing the security alerts, with the box checked it shouldn't ask for the password to be changed.  Is it some other application that's surveying your security that's giving you this alert?
0
 
arthurflAuthor Commented:
Hey there.  Yes, it's a third party application that scans all our boxes and looks for things like that.  So we either uncheck that box somehow (which is my preference), or we have them stop scanning for that issue.  I'd rather have it unchecked as we want them to continue to scan for that.

Art
0
 
arthurflAuthor Commented:
Hey there.  Yes, it's a third party application that scans all our boxes and looks for things like that.  So we either uncheck that box somehow (which is my preference), or we have them stop scanning for that issue.  I'd rather have it unchecked as we want them to continue to scan for that.

Art
0
 
matguyCommented:
Well, instead of changing a safeguard that could lock you out of your domain controler, I would contact the third party software maker and see if there's a way you can set it to not check for the expired pasword setting on the domain controler only (being you can't, and really shouldn't if you could turn it on anyway.)
0
 
cempashaCommented:
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,

****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********

- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      

Pasha

Cleanup Volunteer


0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 6
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now