llandajuela
asked on
Unable to change account properties like: "password never expires", to the Administrator account
I need tthe administrator of my Windows 2000 domain to have a password that expires, like everybody else. To do it, i go to the Account Tab in the properties of the Administrator account and i find that every checkbox from "Password never expires" to the bottom is simply disabled, i cannot change them, and of course the option "Password never expires" is activated.
I think that this is the only account i have this problem with.
I would like to know if it is possible to set an expiration for the administrator account. If its not and this behavior is by design, i would like a reference from Microsoft (article) describing such behavior.
Thanks
I think that this is the only account i have this problem with.
I would like to know if it is possible to set an expiration for the administrator account. If its not and this behavior is by design, i would like a reference from Microsoft (article) describing such behavior.
Thanks
jvuz
Make sure you don't have local admin rights, but domain admin rights.
Jvuz, is correct. With Domain Admin privileges you can set the settings on the Domain Administrator account. This is just a confirmation, not an answer.
J
J
ASKER
Of course, i am domain admin and i cannot change just the checkboxes i mentioned, all the rest i can change.
I can change these checkboxes of every other domain account.
I can change these checkboxes of every other domain account.
Open the Administrator account in active directory, from the properties page, select the Security Tab. Under security, list the permissions that have been granted to Domain Admins. Additionally, what happens if you log in with the Administrator account, can it changes its own properties?
J
J
ASKER
Every permission is by default, never changed security of any Active Directory object. But if i check them i see that domain admin have privileges to write and read (full control). I believe this is a default behavior, if you take a look at one of your domains you will see it, i have seen it in various different domains of different servers.
No, the administrator os not able to change its own properties.
Doesnt this happen to you? I Took a look at THREE different domains and it was all the same!!!
No, the administrator os not able to change its own properties.
Doesnt this happen to you? I Took a look at THREE different domains and it was all the same!!!
It doesn't. I am not sure why there are differences. Because of this thread I tried to research and see if there are limitation on the account, and I can't find any details on it. I will keep looking.
J
J
ASKER
Would it be of any help if i would send to you a screen capture so you can see HOW IT LOOKS?, just to make sure we're talking about the same problem here.
Has the account been moved from the original OU, is it possible that permissions have been changed on the OU in Active Directory?
Experts-Exchange doesn't like people sending emails, if you can post it on a web site and include a link, that is acceptable.
J
Experts-Exchange doesn't like people sending emails, if you can post it on a web site and include a link, that is acceptable.
J
ASKER
The account is its default OU (Users)
Not possible for me to post it on a web site, sorry.
In order to clarify, i installed a brand new domain to see what happened, and it was disabled, so everything is in its default configuration, nothing changed.
Not possible for me to post it on a web site, sorry.
In order to clarify, i installed a brand new domain to see what happened, and it was disabled, so everything is in its default configuration, nothing changed.
We are talking about 2 different things. I have the options and I can change them, but... I am sorry I had forgotten the part about the expiration does not apply to the administrator account even when set.
You cannot disable, delete or set an account lock-out on the Administrator account. (You can set an expiration date, but it will not lock out the account when it passes).
J
You cannot disable, delete or set an account lock-out on the Administrator account. (You can set an expiration date, but it will not lock out the account when it passes).
J
ASKER
I wish you could see every checkbox disabled from "password never expires" to the bottom.
If you say that you cannot set an expiration date, i would like some official reference from Microsoft.
If you say that you cannot set an expiration date, i would like some official reference from Microsoft.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nice research job, i guess that im going to have to accept it as an answer, eventhough i still dont feel i have a clear explanation of why those checboxes are disabled, and yours are not.
Believe me that every domain i install looks the same, im not able to uncheck the "Password never expires" checbox of the Administrator account.
Thank you for your help
Believe me that every domain i install looks the same, im not able to uncheck the "Password never expires" checbox of the Administrator account.
Thank you for your help
Sorry about that, wish I could have found a much better explanation. I am pretty surprised that I couldn't find a single document that sums it up!
J
J